mail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to extract and include actionable URLs and email bodies (potentially containing tokens or sensitive links) in reminders and summary outputs and to embed those bodies/links as command-line arguments, which forces the LLM to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses emails from the user's Mail.app inboxes (see SKILL.md Step 3 and fetch-mail.applescript) and decodes/extracts URLs and attachments from those messages (see extract-urls.sh and extract-attachment.sh referenced in SKILL.md Step 6/6b), then uses that untrusted, user-generated email content to decide actions and create reminders — enabling indirect injection via email content or linked pages.