skills/fuzzyfox/skills/mailbox/Gen Agent Trust Hub

mailbox

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell utilities (mkdir, mv, sed, awk, find) to implement a message queue protocol on the host's filesystem.
  • [COMMAND_EXECUTION]: Employs optional system tools like flock for file locking and fswatch for monitoring changes, with shell-based fallbacks for environments where these are absent.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  • Ingestion points: Processes markdown documents received from other agents in the /tmp/agent-mailbox/ directory tree.
  • Boundary markers: Uses YAML frontmatter delimiters (---) to help agents distinguish between message metadata and the handoff body.
  • Capability inventory: The mailbox.sh script provides a suite of functions for registry management, message delivery, and inbox archival.
  • Sanitization: Implements _mb_json_escape for values written to the registry and _mb_slug for filenames to prevent path traversal or shell injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:29 AM
Security Audit — agent-trust-hub — mailbox