e-mail-agent-cli

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions specify installing the '@codecell-germany/e-mail-agent-skill' package from the npm registry, which is a vendor-owned resource matching the skill's author.
  • [COMMAND_EXECUTION]: The skill relies on global package installation and post-install commands, as well as several CLI commands to interact with the Microsoft Graph API.
  • [PROMPT_INJECTION]: Retrieval of external email content via 'mail search' and 'mail show' creates an indirect prompt injection surface.
      • Ingestion points: Email bodies and metadata retrieved from Graph API.
      • Boundary markers: None specified in the instructions for isolating external content.
      • Capability inventory: Commands for sending, moving, and archiving emails, plus arbitrary Graph API requests via 'graph request'.
      • Sanitization: No evidence of filtering or validation of external content before processing.
  • [DATA_EXFILTRATION]: While the skill includes instructions to prevent token leakage, the inherent capability to read and send email content constitutes a data exposure surface that could be exploited if the agent's behavior is influenced by malicious external input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 03:09 PM