mailroom

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The registration flow requires reading a 6-digit verification code from email and embedding it verbatim in a verification command (e.g., npx mailroom verify <code>), which forces the agent/LLM to handle and output a secret value.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to query and read entries from the public Mailroom directory (mailroom.network) via commands like "npx mailroom search" and to programmatically read inbox messages (e.g., AgentMail) for verification codes—both are untrusted, user-generated public sources that the agent consumes and can act on, so third-party content could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs installation with "npx skills add cybertheory/mailroom_cli" (repo: https://github.com/cybertheory/mailroom_cli), which will fetch and execute remote code at runtime and is presented as the required CLI for the skill — so it is a runtime external dependency that can execute code.