Skills
skills/oneshot-agent/agent-skills/oneshot-email/Gen Agent Trust Hub

oneshot-email

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill enables network operations via the agent.email method to send content and attachments to external recipients. While this is the intended functionality of the tool, it represents a standard exfiltration vector if the agent is instructed to send sensitive information.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted data from incoming emails.
  • Ingestion points: The agent.inboxList and agent.inboxGet methods in SKILL.md are used to retrieve email bodies from external senders.
  • Boundary markers: There are no specified boundary markers or instructions to the agent to disregard commands embedded within the retrieved email content.
  • Capability inventory: The agent has the ability to send emails (agent.email), manage domain rotation (agent.pauseDomain, agent.resumeDomain), and interact with the required oneshot skill wallet.
  • Sanitization: The skill does not implement or describe any sanitization or validation of the inbound email content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:12 PM
Security Audit — agent-trust-hub — oneshot-email