macos-mail
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate automation for macOS Mail.app using local scripts. All operations are confined to the user's machine.
- [DATA_EXFILTRATION]: While the skill accesses email content, no network-capable tools or patterns were identified that could exfiltrate this data. All retrieved data is returned locally to the agent context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading unstructured email data.
  - Ingestion points: Email subjects and bodies are ingested via scripts/commands/message/get.sh and scripts/commands/message/list.sh.
  - Boundary markers: None are present in the script output to isolate external content.
  - Capability inventory: The skill has the ability to send, reply, and delete messages through the scripts/commands/message/ suite.
  - Sanitization: Output is processed through jq and custom AppleScript escaping to ensure valid JSON, preventing shell-level injection, though content is not filtered for semantic instructions.
- [COMMAND_EXECUTION]: The skill executes shell scripts and AppleScript commands. User-supplied arguments are generally handled through script parameters, and numeric inputs like message indices are validated as positive integers before use.
Audit Metadata