Mailgun Simple

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Mailgun email-sending helper, with expected external email delivery and credential use for that purpose.

Install only if you intend to let the agent send email through your Mailgun account. Use the narrowest practical Mailgun key, review recipient, subject, body, and sender before use, and avoid sending secrets or regulated data unless Mailgun handling is approved for your use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This skill sends recipient addresses, subject lines, and message bodies to Mailgun, a third-party external service, but the documentation does not explicitly warn users that their content and metadata leave the local environment. That omission can lead to accidental disclosure of sensitive or regulated information because users may assume the skill only performs local formatting or routing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal