agentmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt demonstrates and encourages embedding API keys directly in examples and curl commands (e.g., Authorization: Bearer am_..., createClient({ apiKey: "am_..." })), which is an insecure pattern that would require the LLM to include secret values verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to list and fetch full emails and attachments (GET /v1/accounts/{accountId}/messages and messages/{messageId}), process webhook inbound deliveries, and includes a "Sign up for a service and read verification email" workflow that requires parsing arbitrary external email bodies/HTML/attachments—untrusted third-party content that can contain instructions influencing agent actions.