action-mailbox

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of content from inbound emails, which are untrusted external sources. This creates a potential surface for indirect prompt injection where malicious instructions hidden in an email could influence the agent's behavior.
      • Ingestion points: The process methods in SupportMailbox (SKILL.md) and RepliesMailbox (reference.md) ingest content from mail.subject and mail.decoded.
      • Boundary markers: The provided examples do not use delimiters or instructions to ignore embedded commands within the email data.
      • Capability inventory: The implementation includes database writes (SupportTicket.create!), file attachments via Active Storage (record.files.attach), and background job enqueuing (SupportNotificationJob.perform_later).
      • Sanitization: While reference.md suggests using ActionController::Base.helpers.strip_tags for HTML processing, the primary implementation examples in SKILL.md perform direct interpolation of email content into the database without explicit sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 04:08 AM