BaseMail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's inbox workflow (scripts/inbox.js) calls https://api.basemail.ai/api/inbox and /api/inbox/:id and directly displays data.body (email contents), meaning it ingests arbitrary, third‑party user-generated emails that could contain instructions influencing agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages blockchain wallets and private keys and requires/encourages providing a private key (env var or file) or generating a managed wallet. It uses wallet signatures for auth (SIWE endpoints /api/auth/*) and documents key storage, mnemonics, encrypted/plaintext private-key files, and scripts that use the wallet (register.js, setup.js). Those are specific crypto/wallet capabilities (private-key access and signing), which can be used to sign transactions or otherwise authorize on-chain actions. Therefore this skill provides explicit crypto/blockchain wallet & signing functionality and should be flagged.