ravi-inbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read inbox messages and extract OTPs and verification links (including token query parameters), which requires outputting secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent fetching and reading incoming SMS and email bodies (e.g., the "SMS" and "Email (verification links, confirmations)" sections and the example commands like ravi inbox email and recipes extracting .text_content/URLs), which are untrusted, user-generated third-party messages that can influence subsequent actions (e.g., extracting and acting on verification links or codes).