imap-smtp-email
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs operations by executing local scripts, specifically setup.sh, scripts/imap.js, and scripts/smtp.js.
- [DATA_EXFILTRATION]: The skill can read local files to be used as email bodies or attachments and send them to external addresses. It also allows downloading files from external email servers to the local filesystem.
- [PROMPT_INJECTION]: The skill processes untrusted content from external emails, which serves as a potential vector for indirect prompt injection.
  1. Ingestion points: node scripts/imap.js (commands: check, fetch, search).
  2. Boundary markers: The documentation does not specify the use of delimiters or warnings to separate email content from agent instructions.
  3. Capability inventory: The skill has the ability to send emails via node scripts/smtp.js send and write files to the disk via node scripts/imap.js download.
  4. Sanitization: There is no mention of sanitizing or validating external email content before it is presented to the agent.