send-email
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection through its template system. Evidence shows untrusted data can be interpolated into HTML files without boundary markers.
- Ingestion points: External data is processed into placeholders in assets/report-summary.html ({{summary}}, {{highlights}}) and assets/simple-notification.html ({{message}}).
- Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore embedded commands within the ingested data.
- Capability inventory: Based on references/smtp-servers.md and requirements.txt, the skill is intended for network-based email delivery.
- Sanitization: No sanitization or escaping of external content is present in the templates.
Audit Metadata