agentmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples initialize the client with an inline apiKey (apiKey: "YOUR_API_KEY"/api_key="YOUR_API_KEY"), which encourages inserting real secret values verbatim into generated code or commands and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and processes arbitrary incoming emails (user-generated content) via its webhook and websocket event handlers—see references/webhooks.md and references/websockets.md where payload.message (subject, text, html, attachments) is queued/processed by the agent—exposing it to untrusted third-party content.