mailgun sender

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Mailgun email sender, with expected risks around sending real emails through a Mailgun account.

Install this only if you intend the agent to send emails through your Mailgun account. Protect the Mailgun API key, prefer narrowly scoped credentials if available, review message content and recipients before sending, and avoid sending secrets or regulated data unless Mailgun use is approved for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill encourages sending email content, recipient addresses, and sender details through Mailgun but does not clearly warn users that this data leaves the local environment and is transmitted to a third-party service. In an agent setting, this omission can cause unintentional disclosure of sensitive message bodies, personal data, or internal operational information to an external provider.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal