inboxmate-batch-demo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read bearer tokens/API keys from a local .env and use them to make GraphQL/MCP requests, which requires the LLM to handle and include secret values verbatim in generated requests or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Step 2a explicitly tells the agent to use WebFetch on each prospect's domain (CRM domainName.primaryLinkUrl) and to read/interpret website content (redirects, page text, copyright years, "coming soon" copy, etc.) from arbitrary public sites to decide whether to skip or proceed, exposing it to untrusted third‑party content that can influence actions.