agentmail
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash, curl, jq, and base64 to interact with the API and handle file data as part of its core functionality.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill transmits email data to the api.agentmail.to domain using an AGENTMAIL_TOKEN provided via an environment variable. This is consistent with the skill's primary function.
- [EXTERNAL_DOWNLOADS]: The skill fetches data and configuration from the vendor's API and provides functionality to download email attachments via pre-signed URLs.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of incoming email content.
- Ingestion points: Incoming email subjects, bodies, and attachments retrieved via the API or webhooks.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the skill's templates.
- Capability inventory: Includes local file reading/writing and external network communication via curl as documented in SKILL.md.
- Sanitization: The skill does not provide mechanisms for sanitizing or filtering external content before processing.
Audit Metadata