email-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs the agent to ask users for API credentials (and to set tokens via export) and to "confirm access" for providers, which requires the agent to receive and use secrets and creates a high risk the LLM will need to echo or embed those secret values in commands or requests rather than keeping them entirely in secure environment variables.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch/read external provider API documentation and call public enrichment APIs (see "Step 0: Fetch or read the provider's API documentation" in SKILL.md and the provided references/fullenrich-api.md and references/prospeo-api.md as well as Extruct API calls), ingesting untrusted third‑party responses that the agent must interpret and that directly determine batching, rate‑limit handling, verification decisions, and downstream actions (e.g., waterfalling and who to email).