spark-recipe-vacation-catchup
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'spark' CLI tool to filter emails, read threads, and perform actions like archiving or snoozing. These commands are consistent with the skill's stated purpose of email management and originate from a legitimate vendor tool.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection:
  - Ingestion points: The skill reads external data from email threads using the 'spark thread ' command in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content within the emails being processed.
  - Capability inventory: The agent has the ability to modify the email state (archive, mark as read, snooze) and manage contact lists (accept/block contacts) based on its interpretation of the email content.
  - Sanitization: No sanitization or validation of the ingested email content is performed before processing.