mailbox
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell utilities (mkdir, mv, sed, awk, find) to implement a message queue protocol on the host's filesystem.
- [COMMAND_EXECUTION]: Employs optional system tools like
flockfor file locking andfswatchfor monitoring changes, with shell-based fallbacks for environments where these are absent. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
- Ingestion points: Processes markdown documents received from other agents in the
/tmp/agent-mailbox/directory tree. - Boundary markers: Uses YAML frontmatter delimiters (
---) to help agents distinguish between message metadata and the handoff body. - Capability inventory: The
mailbox.shscript provides a suite of functions for registry management, message delivery, and inbox archival. - Sanitization: Implements
_mb_json_escapefor values written to the registry and_mb_slugfor filenames to prevent path traversal or shell injection.
Audit Metadata