Skills
skills/readdle/spark-cli-skills/spark-recipe-new-sender-review/Gen Agent Trust Hub

spark-recipe-new-sender-review

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (email content), which presents a surface for indirect prompt injection where an attacker might include malicious instructions within an email thread.
  • Ingestion points: The agent reads external email threads using spark thread <id> as described in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions found within the email content.
  • Capability inventory: The skill utilizes the spark CLI tool to list emails, read threads, and modify sender statuses (accept/block).
  • Sanitization: No sanitization or validation mechanisms are specified for the email data before the agent reviews it.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various spark CLI commands to manage the email environment.
  • Evidence: Use of commands such as spark emails Inbox --new-senders, spark thread <id>, and spark contact-action [accept/block]Contact are central to the skill's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 01:15 PM