Skills
skills/vm0-ai/vm0-skills/mailsac/Gen Agent Trust Hub

mailsac

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs standard command-line utilities, specifically curl and jq, to facilitate communication with the MailSac API. This usage is consistent with the skill's stated purpose of providing a CLI-based interface for email testing.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to ingest and process text content from disposable email messages. Instructions or data embedded in these emails by external senders could potentially manipulate the agent's subsequent logic.
  • Ingestion points: Content is retrieved from MailSac's message retrieval endpoints (e.g., /api/text/, /api/body/, and /api/raw/) as documented in SKILL.md.
  • Boundary markers: The instructions do not define delimiters or specific markers to isolate the ingested email content from the agent's system prompts.
  • Capability inventory: The skill utilizes curl and jq for data operations.
  • Sanitization: The skill does not implement any validation or sanitization of the retrieved email body or headers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM