email

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass passwords literally on the command line (e.g., --password "app-password") and notes config files store plaintext, which requires the LLM to handle/output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md "收取邮件" workflow (e.g., commands like email receive --account <账户名> --body, --format markdown, and --attachments) shows the skill fetches and displays email bodies and attachments from external senders (untrusted third-party/user-generated content) that the agent is expected to read and which could influence subsequent actions.