pp-outlook-email
Warn
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Instructions to install the outlook-email-pp-cli tool via npx and go install from the author's repositories.
- [DATA_EXFILTRATION]: Includes a --deliver webhook:url flag, enabling the agent to send sensitive data to any remote URL, bypassing standard output filters.
- [DATA_EXFILTRATION]: Features a feedback command capable of transmitting local data to external endpoints when specific environment variables are set.
- [CREDENTIALS_UNSAFE]: Manages and stores sensitive OAuth 2.0 refresh tokens in a local configuration file at ~/.config/outlook-email-pp-cli/config.toml.
- [COMMAND_EXECUTION]: Leverages the Bash tool to run CLI commands using arguments derived from user input, which presents a surface for command injection.
- [PROMPT_INJECTION]: Lacks sanitization or boundary markers for untrusted email content, allowing potential indirect prompt injection attacks where malicious emails could influence agent behavior.
Audit Metadata