Skills
skills/caffeinelabs/skills/email-raw/Gen Agent Trust Hub

email-raw

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where malicious instructions could be embedded in meeting data.\n
  • Ingestion points: Untrusted data enters the skill via the meetingSubject and meetingTime parameters in the main.mo file.\n
  • Boundary markers: The skill does not implement delimiters or provide instructions for the agent to ignore embedded commands when interpolating variables into the email body content.\n
  • Capability inventory: The skill uses the EmailClient.sendRawEmail function (defined in emailClient.mo) which performs network operations to transmit data externally via email.\n
  • Sanitization: There is no evidence of input validation, escaping, or sanitization for the data processed before it is included in the final email output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:39 PM
Security Audit — agent-trust-hub — email-raw