agentmail-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via email content processing.
- Ingestion points: Untrusted data enters the agent context through the
list_threadsandget_threadtools in SKILL.md. - Boundary markers: The instructions contain no delimiters or warnings to ignore instructions embedded in email bodies.
- Capability inventory: The skill has access to impactful tools including
send_message,reply_to_message,forward_message, anddelete_inbox. - Sanitization: There is no description of content validation or escaping for processed emails.
- [EXTERNAL_DOWNLOADS]: Installs the
agentmail-mcppackage from the npm and pip registries, which are standard for the vendor's tools. - [COMMAND_EXECUTION]: Provides instructions to run the MCP server locally via
npx -y agentmail-mcpor by executing Python binaries.
Audit Metadata