Back to skill

Security audit

Mailgi - Free Email for Agents

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Mailgi email API skill, but it gives an agent access to read, send, delete mail, and manage API keys.

Install this only if you want an agent to operate a Mailgi mailbox. Keep the API key private, limit inbox reads to the task at hand, review recipients and message content before sending, and require explicit confirmation before deleting mail, changing mailbox state, or revoking API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill enables reading inbox contents, sending email, and handling API keys but provides no explicit privacy, consent, or data-handling guardrails. In an agent setting, this can lead to unauthorized access to sensitive communications or transmission of confidential data to external recipients if the agent uses the skill without clear user confirmation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples document destructive and state-changing actions such as deleting messages and marking mail as read without prominent warnings about their effects. In an autonomous agent context, this increases the risk of unintended mailbox modification, evidence loss, or user confusion about message state changes.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Delete a message (moves to Trash):
```
DELETE /v1/mail/<id>
Authorization: Bearer <apiKey>
```
Confidence
89% confidence
Finding
DELETE /v1/mail/<id>

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Response includes `apiKey` (raw, shown once) and `id`.

List keys: `GET /v1/apikeys`
Revoke a key: `DELETE /v1/apikeys/<keyId>`

---
Confidence
86% confidence
Finding
DELETE /v1/apikeys/<keyId>`

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.