pp-outlook-email

Warn

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Instructions to install the outlook-email-pp-cli tool via npx and go install from the author's repositories.
  • [DATA_EXFILTRATION]: Includes a --deliver webhook:url flag, enabling the agent to send sensitive data to any remote URL, bypassing standard output filters.
  • [DATA_EXFILTRATION]: Features a feedback command capable of transmitting local data to external endpoints when specific environment variables are set.
  • [CREDENTIALS_UNSAFE]: Manages and stores sensitive OAuth 2.0 refresh tokens in a local configuration file at ~/.config/outlook-email-pp-cli/config.toml.
  • [COMMAND_EXECUTION]: Leverages the Bash tool to run CLI commands using arguments derived from user input, which presents a surface for command injection.
  • [PROMPT_INJECTION]: Lacks sanitization or boundary markers for untrusted email content, allowing potential indirect prompt injection attacks where malicious emails could influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 24, 2026, 09:29 PM
Security Audit — agent-trust-hub — pp-outlook-email