imap-smtp-email

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses industry-standard Node.js libraries (nodemailer, imap, mailparser) and maintains secure credential management by storing sensitive user data in local environment files rather than hardcoding secrets.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from external email servers.
  • Ingestion points: The scripts/imap.js script fetches untrusted content (subjects, bodies, and snippets) from remote IMAP mailboxes through its check, fetch, and search functions.
  • Boundary markers: Neither the instructions nor the scripts provide markers or warnings to help the agent differentiate between legitimate email data and malicious instructions embedded within that data.
  • Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, including sending outbound emails (scripts/smtp.js) and writing files to the local disk (scripts/imap.js attachment download functionality).
  • Sanitization: There is no significant sanitization, filtering, or escaping of the external email content before it is processed and returned to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:32 AM
Security Audit — agent-trust-hub — imap-smtp-email