imap-smtp-email
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external email senders.
- Ingestion points: The
scripts/imap.jsscript fetches email subjects, bodies, and attachment metadata from remote servers and provides them to the agent. - Boundary markers: The skill does not implement delimiters or safety warnings to help the agent distinguish untrusted email content from authoritative instructions.
- Capability inventory: The skill provides significant capabilities, including the ability to send outbound emails via
scripts/smtp.jsand write files to the local disk via thedownloadcommand inscripts/imap.js. - Sanitization: No sanitization, validation, or filtering is applied to incoming email content before it is processed by the agent.
Audit Metadata