skills/eins78/skills/apple-mail/Gen Agent Trust Hub

apple-mail

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to read and expose sensitive personal information, including email subjects, senders, dates, and full message bodies through Mail.app integration.
      • Evidence: Commands such as osascript -e 'tell application "Mail" to get name of every account' and methods to return (content of msg) in SKILL.md.
  • [COMMAND_EXECUTION]: The skill relies on osascript to execute AppleScript commands. If the agent interpolates unvalidated user input into these scripts (e.g., search keywords or mailbox names), it could lead to AppleScript injection.
      • Evidence: Several bash blocks in SKILL.md utilize osascript -e with placeholder logic like whose subject contains "keyword".
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources (email bodies) which may contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: The content of msg is retrieved via AppleScript and passed into the agent's context (found in SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to treat email content as untrusted or to wrap it in specific delimiters.
      • Capability inventory: The skill has the capability to execute shell commands via osascript and read file/database content via the Mail.app interface.
      • Sanitization: Absent. No escaping or filtering of email content is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 04:48 PM