nylas-api
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill identifies and provides robust mitigations for indirect prompt injection risks associated with processing email and notetaker data. It explicitly requires the agent to treat all retrieved user content as untrusted and never follow instructions embedded within message bodies, attachments, or transcripts.
- [SAFE]: Secure data handling practices are enforced throughout, including instructions to use the 'select' parameter for minimal data exposure and mandatory user confirmation checkpoints for any mutation actions like sending emails or updating calendars.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor SDKs (nylas) and documentation hosted on developer.nylas.com. These are verified resources from the skill's author.
- [SAFE]: Authentication flows utilize standard OAuth principles and the documentation uses placeholders for sensitive values, promoting secure credential management practices.
Audit Metadata