Send emails, buy forwarding inboxes, manage custom subdomains, and read messages programmatically via x402. USE FOR: - Sending emails (one-off or from custom addresses) - Buying a forwarding inbox (username@x402email.com) - Purchasing custom email subdomains (you@yourname.x402email.com) - Reading and managing inbox messages programmatically - Setting up catch-all forwarding for subdomains - Managing authorized signers for shared subdomains TRIGGERS: - "send email", "email this to", "notify by email" - "buy inbox", "forwarding address", "email inbox" - "custom domain", "subdomain", "email subdomain" - "read emails", "check inbox", "list messages" - "email address", "disposable email", "temporary email" ALWAYS use `npx agentcash fetch` for stableemail.dev endpoints. IMPORTANT: Use exact endpoint paths from the Quick Reference table below.
100
100%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and programmatically reads untrusted user-generated email content (see SKILL.md "Read Inbox Messages" and the https://stableemail.dev/api/inbox/messages/read and /subdomain/.../messages/read endpoints, which return full text/html and attachments), meaning those third-party messages could be interpreted by the agent and influence subsequent actions.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill includes explicit payment and blockchain transaction endpoints and wallet usage—not just generic HTTP or automation. It defines paid operations (buy inbox, buy subdomain, top up inbox, per-email send fees) with fixed prices and direct POST endpoints to execute purchases (e.g., /api/inbox/buy, /api/subdomain/buy, /api/inbox/topup). It requires wallet setup and uses SIWX wallet authentication via `npx agentcash fetch`, references on-chain refunds in USDC, and exposes wallet-related actions (manage signers with a 0x... walletAddress). These are concrete financial execution capabilities (crypto/wallet payments and on-chain refunds), so this qualifies as direct financial execution.
- Repository
- Merit-Systems/agentcash-skills
- Commit
fe3e7ab
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.