fastmail
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md documentation instructs users to install the Bun runtime using a remote script via 'curl | bash' from bun.sh, which is a well-known and recognized service.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted content from emails and calendar events, presenting a risk of indirect prompt injection attacks where malicious data could influence the AI agent's behavior.
  - Ingestion points: Email subjects/bodies in 'scripts/tools/email.ts' and calendar event titles/descriptions in 'scripts/tools/calendar.ts' accessed via JMAP and CalDAV.
  - Boundary markers: There are no visible delimiters or isolation instructions used when presenting untrusted data to the agent context.
  - Capability inventory: The skill possesses significant capabilities, including 'send_email', 'delete_email', and 'delete_event', which could be targeted by an injection attack.
  - Sanitization: The skill returns raw text content from the external APIs to the agent without sanitization or filtering.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata