primitive-inbox
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the '@primitivedotdev/cli' package globally from the NPM registry to interact with the service infrastructure.
- [COMMAND_EXECUTION]: The skill utilizes several vendor CLI commands (e.g., 'primitive emails latest', 'primitive agent start-agent-signup') to manage inbox setup, authentication, and mail retrieval.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the following evidence chain:
- Ingestion points: External email content is ingested into the agent context via 'primitive emails latest' and 'primitive emails wait' in SKILL.md.
- Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore instructions embedded within the email body.
- Capability inventory: The agent has the capability to execute shell commands via the 'primitive' CLI and interact with external services.
- Sanitization: There is no evidence of sanitization or filtering of the inbound email content before it is processed by the agent.
Audit Metadata