Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill directly fetches and parses emails from external IMAP servers (e.g., imap.exmail.qq.com) via scripts/fetch-emails.sh and scripts/read-email.sh (and search-mail.sh), and SKILL.md explicitly states the agent "Parse the output and summarize" and use email content for automation—meaning untrusted, user-generated third‑party email content is ingested and can influence subsequent actions.
Audit Metadata