Skills
skills/wecode-ai/wegent/himalaya-mail/Gen Agent Trust Hub

himalaya-mail

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the himalaya CLI tool to perform email operations such as listing, reading, and sending messages.
  • [DATA_EXFILTRATION]: Accesses the email configuration file located at ~/.wegent-executor/mail/config.toml, which contains sensitive information including email credentials and server configurations.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection attacks where malicious instructions embedded in incoming emails could influence agent behavior.
  • Ingestion points: Processes external, untrusted data by reading email bodies and headers via himalaya message read and himalaya envelope list commands.
  • Boundary markers: The instructions do not define specific delimiters or boundary markers to separate email content from the agent's internal logic.
  • Capability inventory: The agent has the capability to send emails, move messages between folders, and delete content using the himalaya CLI.
  • Sanitization: No sanitization or filtering logic is specified for the data ingested from email messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 01:31 AM