agentmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples initialize the client with an inline apiKey (apiKey: "YOUR_API_KEY"/api_key="YOUR_API_KEY"), which encourages inserting real secret values verbatim into generated code or commands and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Messages" and "Attachments" workflows (e.g., client.inboxes.messages.list/get and getAttachment) show the agent fetching and reading emails and attachments from external senders (and webhooks/websockets are supported), which are untrusted user-generated sources that the agent is expected to interpret and can directly influence actions like replies or labeling, enabling indirect prompt injection.