agentmail

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill allows agents to ingest and process data from external emails, which can contain adversarial instructions.
      • Ingestion points: references/webhooks.md and references/websockets.md (processing message.received event payloads).
      • Boundary markers: None identified in the instruction snippets; content is consumed as raw strings.
      • Capability inventory: SKILL.md includes capabilities to send and reply to emails, creating a potential loop for automated exploitation if the agent responds to malicious prompts.
      • Sanitization: No sanitization or validation of the email body is demonstrated in the examples.
  • [EXTERNAL_DOWNLOADS]: Instructs users to install the agentmail SDK from NPM and PyPI, along with support libraries like express and flask for webhook handling.
  • [COMMAND_EXECUTION]: Provides shell commands for dependency installation and suggests using the ngrok utility to expose local services.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 02:31 AM