agentmail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples that embed an API key inline (Authorization: Bearer am_...) in curl commands and SDK initialization, meaning an agent following it would likely need to accept and place real secret keys verbatim into requests/outputs (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to list and fetch inbound messages, read message.bodyText/bodyHtml, download attachments, and parse verification links (e.g., "Sign up for a service and read verification email" and "Read inbox" / webhook delivery sections), which means the agent will consume untrusted, user-generated email content from arbitrary senders that can directly influence subsequent actions.