email-triage

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to build and run scripts, including bun run build and bun run on a local TypeScript file (digest.ts).
  • [EXTERNAL_DOWNLOADS]: The skill utilizes bun install to download and install third-party dependencies from external package registries during the setup phase.
  • [PERSISTENCE]: The skill contains explicit instructions for the agent to modify its own logic. The 'Self-Evolving Skill' section and 'Post-Execution Reflection' mandate that the AI agent edit the SKILL.md file to update instructions or fix issues. This self-modification pattern can be exploited to persist malicious behavior across sessions.
  • [PROMPT_INJECTION]: As the skill is designed to triage and summarize recent emails, it processes untrusted external data. This creates an indirect prompt injection surface where an attacker can send an email containing hidden instructions to influence the agent's behavior. The provided instructions lack boundary markers or specific sanitization steps for the email content.
  • [DATA_EXFILTRATION]: The skill utilizes sensitive environment variables, specifically TELEGRAM_BOT_TOKEN, to transmit triaged data to an external service (Telegram). While functional, this represents a pre-configured channel for data exfiltration.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 02:33 PM