gmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs users to place OAuth client_id and client_secret in a config file and shows a CLI command that accepts --client-secret, which requires handling and potentially outputting secret values verbatim (and exposes them via command-line/config storage).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the Gmail API to fetch and display user emails (see SKILL.md commands like "messages list" / "messages get" and scripts/gmail.py functions list_messages, get_message, and extract_message_body), so it ingests untrusted, user-generated third‑party content (emails) that the agent is expected to read and can influence follow-up actions such as composing/replying/forwarding.