imap-smtp-email

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external email senders.
  • Ingestion points: The scripts/imap.js script fetches email subjects, bodies, and attachment metadata from remote servers and provides them to the agent.
  • Boundary markers: The skill does not implement delimiters or safety warnings to help the agent distinguish untrusted email content from authoritative instructions.
  • Capability inventory: The skill provides significant capabilities, including the ability to send outbound emails via scripts/smtp.js and write files to the local disk via the download command in scripts/imap.js.
  • Sanitization: No sanitization, validation, or filtering is applied to incoming email content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — imap-smtp-email