newsletter-signal-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill mentions a python3 command and a cron job for scheduling the monitoring task. These are standard automation patterns for the intended use case of periodic newsletter scanning.
  • [EXTERNAL_DOWNLOADS]: The skill requires the agentmail Python package. This is an expected dependency for the service the skill integrates with (agentmail.dev) and is handled through standard package managers.
  • [DATA_EXFILTRATION]: While the skill reads email content via the AgentMail API, this data is processed locally to generate a markdown digest for the user. No evidence was found of sending data to unauthorized or suspicious third-party domains.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs the user to provide an API key via an environment variable (AGENTMAIL_API_KEY), which is a secure and standard practice for managing sensitive credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external newsletters. It processes this data by stripping HTML and performing keyword matching. The risk of indirect prompt injection is low as the output is a structured markdown file intended for human review rather than being fed back into an automated command execution pipeline.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 10:48 AM