agent-email
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'npx agnic@latest' to execute email management commands. The instructions include a dedicated 'Input Validation' section that specifically mandates validating email addresses and escaping single quotes for subject and body fields to prevent shell command injection.
- [EXTERNAL_DOWNLOADS]: Uses 'npx' to fetch and run the 'agnic' package from the NPM registry. This is a vendor-owned package associated with the skill author (agnicpay) and is necessary for the skill's primary function.
- [PROMPT_INJECTION]: The 'email inbox' command processes untrusted data from external emails. While the skill provides instructions for safely constructing shell commands with this data, it lacks explicit instructions for the agent to treat the retrieved email content (subject and body) as untrusted when interpreting it, creating a surface for indirect prompt injection. Ingestion points: email inbox (SKILL.md). Boundary markers: Missing for incoming content; single-quoting is suggested for outgoing commands. Capability inventory: subprocess calls via Bash (email send, reply, setup). Sanitization: Single-quote escaping and regex validation for CLI arguments.
Audit Metadata