himalaya
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as credential harvesting, unauthorized network exfiltration, or obfuscated code were detected. The skill correctly identifies that authentication credentials should be stored securely and provides examples for using external password managers. The installation via 'brew' is a standard practice for this tool.
- [PROMPT_INJECTION]: The skill processes untrusted external data from incoming emails, which is inherent to its primary purpose as an email client. This creates a surface for indirect prompt injection where instructions within an email could attempt to influence the agent.
- Ingestion points: Email content is read from IMAP servers via commands like 'himalaya message read'.
- Boundary markers: No explicit markers are used in the provided documentation to isolate email body text from agent instructions.
- Capability inventory: The skill allows for deleting emails, sending replies, and moving messages, which could be targeted by malicious instructions.
- Sanitization: No sanitization of incoming email content is described in the skill's instructions.