resend
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [Local Command Execution]: The skill utilizes Bash to run the emulator using npx and to interact with the API via curl. These commands are restricted to the local environment and are part of the intended developer workflow for testing email integrations locally.
- [Indirect Prompt Injection Surface]: The emulator stores and retrieves arbitrary email data. If the agent is instructed to read and act upon these emails, it may process instructions embedded in the simulated message bodies.
  - Ingestion points: The agent fetches email content from the local API endpoint (http://localhost:4000/emails) as described in SKILL.md.
  - Boundary markers: No delimiters are specified to distinguish between the captured email content and the agent's instructions.
  - Capability inventory: The skill provides access to Bash for tool execution and data retrieval.
  - Sanitization: The documentation does not detail any sanitization of the HTML or text content within the emails before they are processed by the agent.