agentmail-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt shows concrete examples that embed the API key directly into JSON configs and shell commands (e.g., "AGENTMAIL_API_KEY": "YOUR_API_KEY" and export AGENTMAIL_API_KEY=your-api-key), which would require an LLM to include user-provided secret values verbatim when generating setup files or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP tools (e.g., list_threads, get_thread, get_attachment) fetch and expose email messages and attachments from arbitrary inboxes/external senders—untrusted, user-generated content the agent is expected to read and act on—creating a clear vector for indirect prompt injection.