Skills
skills/growthenginenowoslawski/coldoutboundskills/smartlead-inbox-manager/Gen Agent Trust Hub

smartlead-inbox-manager

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides scripts that are executed using shell commands via npx tsx to manage Smartlead inbox configurations.\n- [EXTERNAL_DOWNLOADS]: The skill uses npx tsx which may download the tsx package from the public npm registry during execution if it is not available locally.\n- [DATA_EXFILTRATION]: The skill reads identity information from environment variables and inbox data from the Smartlead API, and transmits configuration updates to server.smartlead.ai. This is legitimate behavior for the skill's purpose.\n- [PROMPT_INJECTION]: The skill implements features that read local files via the --ids-from-csv and --template-file flags, creating a surface for indirect prompt injection where a malicious prompt could trick the agent into accessing sensitive files.\n
  • Ingestion points: Local file access in scripts/_lib.ts and scripts/set-signatures.ts.\n
  • Boundary markers: None present to distinguish file content from instruction context.\n
  • Capability inventory: Local file reading (fs.readFileSync), file writing (fs.writeFileSync), and network requests (fetch) to the Smartlead API.\n
  • Sanitization: None; file contents are processed as raw strings or parsed as CSV.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 03:36 PM
Security Audit — agent-trust-hub — smartlead-inbox-manager