Lead Processor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It requires preserving full email threads (headers and quoted text) in drafts/outputs and scanning real IMAP mailboxes, which forces the model to reproduce any secrets or API keys contained in those emails verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scans IMAP mailboxes configured in config/accounts.json and ingests real fetched email data (external, untrusted user-generated emails) which the agent must read, classify, and act upon (move messages, draft replies, update CRM), allowing third-party content to materially influence behavior.