agently-mail

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted email content, which serves as a potential surface for indirect prompt injection attacks.
      • Ingestion points: External data is ingested through the agently-cli message +read, +list, and +search commands as described in SKILL.md.
      • Boundary markers: The skill contains explicit instructions to the agent to treat email body and subject content strictly as data and to ignore any embedded instructions.
      • Capability inventory: The agent has the ability to send, reply, forward, and delete emails, as well as download attachments to the local file system.
      • Sanitization: A mandatory two-stage confirmation mechanism is enforced for all destructive or outgoing operations (+send, +reply, +forward, +trash), ensuring that the agent cannot execute these actions without explicit human approval after reviewing the operation summary.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @tencent-qqmail/agently-cli package and uses npx to add the skill content.
      • Evidence: npm install -g @tencent-qqmail/agently-cli and npx skills add Tencent/AgentlyMail -g -y.
      • These resources originate from the official infrastructure of the vendor (Tencent) and are standard for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the execution of shell commands using the agently-cli tool.
      • Evidence: Use of various commands such as agently-cli message +send and agently-cli attachment +download to manage email resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 10:44 PM