agentmail-toolkit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the agentmail-toolkit package via standard package managers (npm and pip). These are vendor-provided resources intended for integrating the AgentMail service.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external data by allowing the agent to read emails through tools like list_threads and get_thread. This creates a surface for indirect prompt injection if the agent processes malicious instructions embedded in email bodies or attachments.
  - Ingestion points: Email content is retrieved via get_thread, list_threads, and get_attachment (SKILL.md).
  - Boundary markers: No specific delimiters or safety instructions are provided in the documentation snippets to help the agent distinguish between system instructions and email content.
  - Capability inventory: The agent is granted capabilities to take actions based on processed data, including send_message, reply_to_message, and delete_inbox (SKILL.md).
  - Sanitization: The provided integration examples do not include explicit sanitization or filtering of email content before it is passed to the LLM.
Audit Metadata