email-management-expert
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted email content via MCP tools, creating an indirect prompt injection surface. Ingestion points: Processes email data via MCP tools like search_emails and get_email_with_content. Boundary markers: No specific delimiters or boundary markers are instructed for the agent to use when handling email text. Capability inventory: The skill utilizes capabilities including sending emails (reply_to_email), moving emails (move_email), and deleting messages (manage_trash). Sanitization: No instructions are provided for sanitizing or escaping email content before interpolation.
- [EXTERNAL_DOWNLOADS]: The README documentation provides installation instructions that involve downloading a ZIP package from a public GitHub repository.
- [SAFE]: Core instructions and workflows focus on legitimate email productivity and strictly adhere to tool safety limits and user confirmation practices.
Audit Metadata