agentmail
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of untrusted external content from incoming emails, creating an attack surface for indirect prompt injection. * Ingestion points: Incoming email messages and webhook event payloads described in SKILL.md (e.g., message retrieval endpoints and webhook listener setup). * Boundary markers: Absent; there are no instructions provided to help the agent distinguish between system-level commands and untrusted content within email bodies. * Capability inventory: The skill provides capabilities to send replies, create inboxes, and delete drafts based on processed email data. * Sanitization: Absent; the documentation does not mention any protocols for filtering or sanitizing incoming email content before processing.
- [EXTERNAL_DOWNLOADS]: The skill documentation references external SDKs for integration. * Python: Mentions 'pip install agentmail'. * Node.js: Mentions the 'agentmail' npm package.
Audit Metadata