cortex-mine

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example that embeds an API key on the command line (cron: ANTHROPIC_API_KEY=sk-... python3 …), which encourages placing/verbatim-pasting secrets into generated commands and outputs — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes arbitrary Gmail threads via the gws CLI (see scripts/cortex-mine.py and SKILL.md), sends email bodies to Claude for structured extraction, and then uses that model output to create/upsert contacts, clients, communications and knowledge files—so untrusted, user-generated email content can materially influence downstream actions and enable indirect prompt injection.