Email Bot

Security checks across malware telemetry and agentic risk

Overview

This skill openly sends email through AIProx and Resend, but it grants agents outbound email-sending power from freeform instructions without documented confirmation or recipient safeguards.

Install only if you trust AIProx and Resend with recipient addresses, message contents, and spend-token-backed requests. Prefer explicit to/subject/body fields, add a human or workflow confirmation step before each send, and avoid letting untrusted web pages or documents provide freeform email instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill allows a freeform natural-language task to trigger outbound email sending, which is an externally impactful action. Because recipient, subject, and body may be inferred from ambiguous text, an agent can misparse instructions or be induced by prompt injection/untrusted content to send unintended messages to unintended recipients.

External Transmission

Medium

Category: Data Exfiltration
Content: ## Make Request — Explicit Fields ```bash curl -X POST https://aiprox.dev/api/orchestrate \ -H "Content-Type: application/json" \ -d '{ "task": "send an email",
Confidence: 81% confidence
Finding: curl -X POST https://aiprox.dev/api/orchestrate \ -H "Content-Type: application/json" \ -d '{ "task": "send an email", "to": "user@example.com", "subject": "Your AI Research Report",

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal