gmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs passing and storing OAuth client secrets directly (including an example using --client-secret on the command line and a yaml file with client_secret), which requires the agent or user to include secret values verbatim in commands/files—an insecure pattern that risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly fetches and displays email content from Gmail via the Gmail API (see scripts/gmail.py functions list_messages/get_message and the messages list/get commands), which exposes the agent to untrusted, user-generated third-party content from arbitrary senders.