Skills
skills/aidotnet/opencowork/email-drafter/Gen Agent Trust Hub

email-drafter

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/email_draft.py implements a --save parameter that allows the generated output to be written to any file path specified by the user. This poses a risk of overwriting critical system configuration files or user profiles if a malicious path is provided.
  • [PROMPT_INJECTION]: The skill processes untrusted input and interpolates it into structured output, making it vulnerable to indirect prompt injection.
  • Ingestion points: Untrusted data enters the script via the --to, --subject, --body, --context, and --signature command-line arguments.
  • Boundary markers: There are no markers or delimiters used to isolate user-provided content from the email templates.
  • Capability inventory: The script possesses file-writing capabilities through the --save argument.
  • Sanitization: No input validation or sanitization is performed on the user-provided strings before they are used in the email generation process.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 09:20 AM