Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from emails, which provides a surface for indirect prompt injection attacks.
- Ingestion points: Email subjects, bodies, and links are retrieved via IMAP in scripts/email_tool.py through commands like list and read.
- Boundary markers: Absent. Raw email content is returned in JSON format without delimiters or instructions to the agent to treat the content as untrusted data.
- Capability inventory: The script has the ability to write files to the local file system (cmd_download) and move or delete emails on the server (cmd_move).
- Sanitization: No sanitization, escaping, or safety filtering is performed on the content retrieved from the email server before it is passed to the agent.
Audit Metadata