imap-smtp-email
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses industry-standard Node.js libraries (nodemailer, imap, mailparser) and maintains secure credential management by storing sensitive user data in local environment files rather than hardcoding secrets.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from external email servers.
- Ingestion points: The scripts/imap.js script fetches untrusted content (subjects, bodies, and snippets) from remote IMAP mailboxes through its check, fetch, and search functions.
- Boundary markers: Neither the instructions nor the scripts provide markers or warnings to help the agent differentiate between legitimate email data and malicious instructions embedded within that data.
- Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, including sending outbound emails (scripts/smtp.js) and writing files to the local disk (scripts/imap.js attachment download functionality).
- Sanitization: There is no significant sanitization, filtering, or escaping of the external email content before it is processed and returned to the agent's context.
Audit Metadata