監査履歴
email-notify - 6 監査
監査バージョン 6
最新 中リスクJun 28, 2026, 08:18 PM
Static findings for network, environment access, filesystem references, and documented commands are mostly expected for an SMTP notification skill. No prompt injection or malicious intent was found, but the skill can email task summaries and uses SMTP credentials from environment variables, so users need a clear data disclosure warning.
中リスクの問題 (3)
低リスクの問題 (5)
リスク要因
⚡ スクリプトを含む (1)
🌐 ネットワークアクセス (2)
🔑 環境変数 (3)
📁 ファイルシステムへのアクセス (3)
⚙️ 外部コマンド (1)
検出されたパターン
監査バージョン 5
低リスクJan 16, 2026, 08:48 PM
This skill is a straightforward SMTP email notification utility. It reads environment variables for SMTP configuration, reads AGENTS.md for optional project name extraction, and sends task completion notifications via standard Python smtplib. All detected patterns are expected functionality - email sending is the stated purpose, environment access is for configuration, and filesystem reads are for project name resolution. No malicious behavior confirmed.
リスク要因
🌐 ネットワークアクセス (1)
🔑 環境変数 (1)
📁 ファイルシステムへのアクセス (1)
監査バージョン 4
低リスクJan 16, 2026, 08:48 PM
This skill is a straightforward SMTP email notification utility. It reads environment variables for SMTP configuration, reads AGENTS.md for optional project name extraction, and sends task completion notifications via standard Python smtplib. All detected patterns are expected functionality - email sending is the stated purpose, environment access is for configuration, and filesystem reads are for project name resolution. No malicious behavior confirmed.
リスク要因
🌐 ネットワークアクセス (1)
🔑 環境変数 (1)
📁 ファイルシステムへのアクセス (1)
監査バージョン 3
低リスクJan 8, 2026, 05:57 AM
This skill is a straightforward SMTP email notification script. It reads environment variables and AGENTS.md for configuration, then sends task completion notifications via SMTP. No malicious behavior detected. The code matches its stated purpose of sending email notifications.
リスク要因
⚡ スクリプトを含む (1)
🌐 ネットワークアクセス (1)
📁 ファイルシステムへのアクセス (1)
監査バージョン 2
低リスクJan 8, 2026, 05:57 AM
This skill is a straightforward SMTP email notification script. It reads environment variables and AGENTS.md for configuration, then sends task completion notifications via SMTP. No malicious behavior detected. The code matches its stated purpose of sending email notifications.
リスク要因
⚡ スクリプトを含む (1)
🌐 ネットワークアクセス (1)
📁 ファイルシステムへのアクセス (1)
監査バージョン 1
低リスクJan 8, 2026, 05:57 AM
This skill is a straightforward SMTP email notification script. It reads environment variables and AGENTS.md for configuration, then sends task completion notifications via SMTP. No malicious behavior detected. The code matches its stated purpose of sending email notifications.