Back to skill

Security audit

Pilot Email Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a coherent email bridge skill whose risky actions are visible and purpose-aligned, but users should handle relays, attachments, and inbox clearing carefully.

Install only if you trust the Pilot tooling and the SMTP or webhook relay you configure. Review recipients, message bodies, attachment paths, and relay endpoints before sending, use least-privileged email credentials, and avoid running inbox --clear until queued messages have been reviewed or exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents configuring an outbound webhook to an external SMTP relay and publishing email payloads containing recipient addresses and message bodies, but it provides no warning that this transmits potentially sensitive content and metadata to third-party services. In an agent context, this can lead to unintentional exfiltration of private data, secrets, or operational information if users treat the examples as safe defaults.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation includes `pilotctl --json inbox --clear` without warning that it deletes queued messages and may be irreversible. In operational workflows, an agent or user could copy this command and unintentionally destroy unread email-derived events, causing data loss and missed alerts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill shows sending a local file attachment through `send-file` without warning that local files may be transmitted to an external relay or remote recipient. In an agent environment, this increases the risk of accidental disclosure of sensitive local documents, reports, credentials, or other filesystem data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.