himalaya
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `himalaya` CLI tool via Homebrew, which is a well-known and reputable service.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `himalaya` command-line utility for email operations such as listing, reading, and sending messages. These operations are essential to its function and are invoked in a standard manner.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it reads untrusted data from email bodies via `himalaya message read`.
  - Ingestion points: Raw email content and headers entering the agent's context through message reading and listing commands.
  - Boundary markers: Absent; the instructions do not specify any delimiters or warnings to treat email content as untrusted data.
  - Capability inventory: The skill allows the agent to perform actions such as sending emails (`himalaya message write`), deleting messages (`himalaya message delete`), and downloading attachments (`himalaya attachment download`).
  - Sanitization: No mechanisms are described for sanitizing or escaping the content of emails before they are processed by the agent.
Audit Metadata