Skills
skills/bighardperson/computer-science-skills-collection/qq-email/Gen Agent Trust Hub

qq-email

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONSAFE
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill ingests untrusted data from an external source which is then presented to the agent. * Ingestion points: scripts/receive.js and scripts/get-body.js fetch email subjects and bodies from imap.qq.com. * Boundary markers: Absent. Email content is output directly to the agent's context without clear delimiters or instructions to ignore embedded commands. * Capability inventory: The skill environment allows for bash command execution (via Bash tool) and file writing (via Write tool). * Sanitization: scripts/get-body.js performs basic HTML tag removal but does not sanitize content against adversarial prompt instructions.
  • [DATA_EXFILTRATION]: Insecure connection settings. * Evidence: The IMAP configuration in scripts/get-body.js and scripts/receive.js explicitly sets tlsOptions: { rejectUnauthorized: false }. This disables SSL/TLS certificate validation, exposing email contents and metadata to potential Man-in-the-Middle (MITM) attacks during transit.
  • [SAFE]: Secret management. * Evidence: The skill correctly instructs the user to provide credentials via environment variables (QQ_EMAIL_ACCOUNT and QQ_EMAIL_AUTH_CODE) and includes logic to verify their presence before execution, avoiding hardcoded secrets in the codebase.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — qq-email