agent-mail
Fail
Audited by Snyk on Jun 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). While many links are benign CDN/docs/GitHub references, the list includes multiple raw "install.sh" scripts (used with curl|bash), direct release/download endpoints and a suspicious CloudFront archive domain and token-bearing URL—all of which are common vectors for distributing malware and should be treated as high risk unless you fully trust and verify the publisher and the script contents.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The runtime workflow that feeds the agent LLM context is the inbox/thread read path (e.g.,
fetch_inbox(..., include_bodies=true)/resource://inbox/.../resource://thread/...), which returns message bodies authored by other agents (outsider-authored free text) and thus can be used for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The docs contain multiple explicit curl|shell install commands that fetch and execute remote scripts at runtime (e.g. https://raw.githubusercontent.com/Dicklesworthstone/mcp_agent_mail/main/scripts/install.sh?$(date +%s), https://raw.githubusercontent.com/steveyegge/beads/main/scripts/install.sh, https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh and https://astral.sh/uv/install.sh), which is high‑confidence evidence of runtime external dependencies that execute remote code.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata