agentmail
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the
agentmail-mcppackage from the NPM registry vianpxduring setup. - [EXTERNAL_DOWNLOADS]: Requires the installation of the
mcppackage from the PyPI registry. - [PROMPT_INJECTION]: Identified an indirect prompt injection surface as the agent processes untrusted data from incoming emails.
- Ingestion points: Untrusted content enters the agent's context through the
get_threadandlist_threadstools inSKILL.md. - Boundary markers: Absent; there are no instructions for the agent to distinguish between its own logic and instructions embedded in incoming emails.
- Capability inventory: The agent has permissions to
send_message,reply_to_message,create_inbox, anddelete_inboxacrossSKILL.md. - Sanitization: No sanitization or validation of incoming email content is implemented or instructed.
Audit Metadata