Skills
skills/neversight/learn-skills.dev/agentmail-mcp/Gen Agent Trust Hub

agentmail-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the agentmail-mcp package from standard registries using npm (npx) and Python (pip).
  • [COMMAND_EXECUTION]: Provides shell commands for environment setup, package installation, and running the MCP server locally.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8):
  • Ingestion points: External data enters the agent context via email content fetched through the get_thread and list_inboxes tools.
  • Boundary markers: The skill documentation lacks explicit instructions for using delimiters or boundary markers to isolate untrusted email content from agent instructions.
  • Capability inventory: The agent is granted capabilities to perform actions like send_message, reply_to_message, and delete_inbox, which could be triggered by instructions embedded in incoming emails.
  • Sanitization: There is no mention of sanitization or filtering of email content before it is processed by the AI assistant.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 03:47 AM
Security Audit — agent-trust-hub — agentmail-mcp