messages-ops

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to search for and return live message contents including one-time codes ("message summary or code"), which requires outputting sensitive secrets verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs resolving and reading message surfaces including "X / social DM" and "another browser-gated message surface" and to "read the latest inbound" to inform drafting/replies, meaning it ingests untrusted user-generated third‑party content that can influence actions.