139mail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to provide their 139 email account and authorization code and shows commands/configs that embed the authorization code verbatim (e.g., --password and config file), which requires the LLM to handle/output secrets directly and is high-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly connects to a user's 139 mailbox and fetches and displays email messages from external senders (see scripts/check_mail.py, scripts/view_mail.py, scripts/search_mail.py and SKILL.md), meaning it ingests untrusted, user-generated third-party content that can influence follow-up actions (viewing, moving, deleting, or replying), so it could enable indirect prompt injection.