Skills
skills/agricidaniel/claude-email/email-check/Snyk

email-check

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches unread emails from external Gmail/Outlook via MCP (e.g., search_gmail_messages, get_gmail_messages_content_batch, get_gmail_thread_content, list-mail-messages, get-mail-message in "Fetch Unread Emails" / workflow steps) and parses subject/body to score, categorize, and draft replies, so arbitrary user-generated third-party email content can directly influence agent decisions and actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 09:41 PM
Issues
1