check-action-items-from-contact

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill contains an explicit instruction to "Replace {{PLACEHOLDER}} values with actual credentials from the key store," which instructs embedding secret values into generated scripts/commands (an exfiltration risk), even though the AppleScript itself could run locally without the LLM needing secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Procedure and bundled AppleScript explicitly read and parse email messages from the user's Mail inbox (Mail.app) to analyze and act on untrusted, user-generated email content, so those third-party messages could indirectly inject instructions that affect the agent's decisions.