fastmail
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup instructions in README.md mention installing the Bun runtime using a command piped from bun.sh (curl -fsSL https://bun.sh/install | bash). Bun is a well-known technology service, and this pattern is its standard installation method. In accordance with security guidelines, references to well-known services are documented neutrally and do not escalate the verdict.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to Fastmail's official service domains (api.fastmail.com and caldav.fastmail.com). These connections are necessary for the skill's primary functionality and target the expected service provider.
- [DATA_EXFILTRATION]: The skill is designed to read email and calendar data, which is its stated purpose. It correctly utilizes environment variables to manage authentication credentials (API tokens and app passwords), preventing accidental exposure of secrets in the codebase or logs.
- [PROMPT_INJECTION]: As the skill ingests content from external sources (email messages and calendar descriptions), it presents a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via the JMAP (scripts/tools/email.ts) and CalDAV (scripts/tools/calendar.ts) clients.
  - Boundary markers: The skill does not currently implement delimiters or warnings to demarcate external content from agent instructions.
  - Capability inventory: The skill can send emails and modify calendar records, but it does not have the capability to execute arbitrary shell commands or access the local file system.
  - Sanitization: External content is retrieved and provided to the agent context without specific filtering for malicious instruction patterns.
Audit Metadata