Skills
skills/gooseworks-ai/goose-skills/agentmail/Gen Agent Trust Hub

agentmail

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on several standard external dependencies for its functionality:
  • Python packages: agentmail (the primary SDK), python-dotenv, flask, requests, and pdfplumber (demonstrated in document processing examples).
  • The skill interacts with the vendor's API endpoints at api.agentmail.to and console at console.agentmail.to.
  • [COMMAND_EXECUTION]: The skill includes three utility scripts designed for agent use:
  • scripts/send_email.py: Handles rich email composition and attachment encoding.
  • scripts/check_inbox.py: Implements polling and monitoring logic for email inboxes.
  • scripts/setup_webhook.py: Automates webhook registration and includes a Flask-based receiver for local development.
  • [PROMPT_INJECTION]: Static analysis flagged injection patterns in the documentation. However, these are educational examples within a 'Security' section designed to warn the user about indirect prompt injection risks from third-party emails. The skill proactively provides mitigation strategies, including a TypeScript allowlist filter and architectural patterns for isolated sessions.
  • [DATA_EXPOSURE]: The skill follows secure practices for credential management, instructing users to store API keys in environment variables via .env files rather than hardcoding them in scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 09:58 PM