email-management-expert

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted email content via MCP tools, creating an indirect prompt injection surface. Ingestion points: Processes email data via MCP tools like search_emails and get_email_with_content. Boundary markers: No specific delimiters or boundary markers are instructed for the agent to use when handling email text. Capability inventory: The skill utilizes capabilities including sending emails (reply_to_email), moving emails (move_email), and deleting messages (manage_trash). Sanitization: No instructions are provided for sanitizing or escaping email content before interpolation.
  • [EXTERNAL_DOWNLOADS]: The README documentation provides installation instructions that involve downloading a ZIP package from a public GitHub repository.
  • [SAFE]: Core instructions and workflows focus on legitimate email productivity and strictly adhere to tool safety limits and user confirmation practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:01 PM
Security Audit — agent-trust-hub — email-management-expert