Skills
skills/bighardperson/computer-science-skills-collection/qq-mail-reader/Gen Agent Trust Hub

qq-mail-reader

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted email content which serves as an ingestion point for indirect prompt injection.
  • Ingestion points: Email bodies and headers are retrieved from the IMAP server and added to the agent's context in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are used to distinguish external email content from agent instructions.
  • Capability inventory: The skill grants the agent search and read access to the user's mailbox.
  • Sanitization: HTML tags are stripped using regex in the get_text_body function, but the resulting plain-text is not sanitized for potential command injections or malicious instructions.
  • [SAFE]: The skill uses well-known service endpoints (imap.qq.com) and manages sensitive credentials through standard environment variable and configuration file practices.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — qq-mail-reader