Gen Agent Trust Hub: skills/wraps-team/skills/wraps-email

wraps-email

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on the installation of @wraps.dev/email, a package from an unverified third-party source not included in the trusted organizations list.
  • [COMMAND_EXECUTION] (LOW): The skill utilizes readFileSync to process file attachments. This creates a risk where an agent, if improperly constrained, could be instructed to read sensitive local files (such as ~/.ssh/id_rsa or .env files) and send them as attachments via email.
  • [CREDENTIALS_UNSAFE] (LOW): The SDK is designed to handle AWS credentials directly. While the documentation recommends using environment variables, it also demonstrates patterns for explicit credential passing, which increases the surface area for potential credential exposure.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Data enters the skill via the html, subject, and templateData fields in the send and sendTemplate methods.
      • Boundary markers: Absent. The documentation provides no guidance on using delimiters to separate instructions from user-provided data.
      • Capability inventory: The skill has the capability to read local files (readFileSync) and send data over the network via AWS SES.
      • Sanitization: Absent. There is no evidence of HTML sanitization or input validation for template variables, allowing potential injection of malicious payloads into the email body.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM