zeptomail
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
bash -candcurlto interact with the ZeptoMail API. This behavior is consistent with the skill's primary purpose of sending emails via a command-line interface. - Ingestion points: User-provided email addresses, subject lines, HTML/text body content, and template merge fields are ingested and written to
/tmp/zeptomail_request.jsoninSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present in the provided examples.
- Capability inventory: The skill utilizes
bash,curl, andbase64across all Send Mail examples. - Sanitization: No explicit sanitization or filtering of user-provided content is implemented within the shell commands.
- [EXTERNAL_DOWNLOADS]: The skill connects to
api.zeptomail.com, which is the official well-known service domain for Zoho ZeptoMail. - [DATA_EXFILTRATION]: Authentication is handled via the
ZEPTOMAIL_API_KEYsecret defined in the skill's metadata. No unauthorized network operations or access to sensitive local files were detected.
Audit Metadata