Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive API tokens from local configuration files at ~/.autark/credentials.json and a legacy environment file at /Users/kushalsm/solo/.env.
- [DATA_EXFILTRATION]: The skill transmits data, including content retrieved from local files, to an external API endpoint at api.agentmail.to.
- [EXTERNAL_DOWNLOADS]: The skill relies on the @agentmail/cli Node.js package.
- [COMMAND_EXECUTION]: The skill uses shell commands involving curl, jq, and the agentmail CLI to perform network operations and data processing.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes email content from an external source without sanitization or boundary markers.
  - Ingestion points: Message retrieval via CLI and REST API (SKILL.md)
  - Boundary markers: None present in the instructions
  - Capability inventory: Shell command execution, sensitive file access, and network operations
  - Sanitization: No sanitization or validation of email content is described
Recommendations
- AI detected serious security threats
Audit Metadata