imap-smtp-email

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill uses a .env file to store sensitive email credentials (IMAP/SMTP passwords). This is a standard and recommended practice for managing secrets in a development environment. The setup.sh script specifically sets file permissions to 600 to ensure only the owner can read or write the configuration.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external email content, which creates a surface for indirect prompt injection.
      • Ingestion points: Email bodies and headers are fetched by scripts/imap.js and provided to the agent.
      • Boundary markers: The skill does not explicitly use delimiters to wrap the fetched email content when presenting it to the agent.
      • Capability inventory: The skill has the ability to read files (scripts/smtp.js), write files (scripts/imap.js), and send network requests via SMTP (scripts/smtp.js).
      • Sanitization: Malicious instructions in emails are mitigated by strict path validation. The functions validateReadPath and validateWritePath enforce a whitelist of directories (ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS), preventing the agent from being tricked into reading or writing sensitive system files.
  • [COMMAND_EXECUTION]: The skill executes local Node.js scripts (scripts/imap.js and scripts/smtp.js) to perform email operations. These scripts use standard, well-vetted libraries and do not accept arbitrary shell commands or untrusted input for command execution.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 21, 2026, 04:45 PM