email-unsubscribe-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to "Log in using credentials from pass" and perform browser automation (filling login forms), which would require retrieving and supplying plaintext secrets in action payloads—creating a risk of the LLM emitting those secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads untrusted third-party email content via Gmail MCP to extract unsubscribe links and then autonomously navigates to arbitrary external unsubscribe pages with Chrome DevTools MCP, so external page/email content can directly influence navigation and click actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly navigates at runtime to unsubscribe links extracted from emails (arbitrary https://... URLs) and to service settings pages (e.g., https://www.nextdoor.com, https://www.linkedin.com), which causes fetching and executing remote page content/JS that directly drives the automated unsubscribe flow and is required for the skill to work.