email-unsubscribe-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to "Log in using credentials from pass" and to perform browser automation that would require injecting those plaintext credentials into login actions, which creates a high risk that secret values would need to be accessed and could be emitted verbatim by the agent (even though some MCPs could handle auth internally, the prompt itself requires retrieving and using stored passwords).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads untrusted third-party email content via Gmail MCP to extract unsubscribe links and then autonomously navigates to arbitrary external unsubscribe pages with Chrome DevTools MCP, so external page/email content can directly influence navigation and click actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly navigates at runtime to unsubscribe links extracted from emails (arbitrary https://... URLs) and to service settings pages (e.g., https://www.nextdoor.com, https://www.linkedin.com), which causes fetching and executing remote page content/JS that directly drives the automated unsubscribe flow and is required for the skill to work.