email-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The preflight echoes environment variables (e.g., GMAIL_OP_UUID, TELEGRAM_CHAT_ID, HAIKU_MODEL) which will print their values verbatim if set, so the agent would surface secret or sensitive environment values in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and triages recent emails from Gmail using the gmail-commander scripts (e.g., scripts/digest.ts and the gmail-cli binary at .claude/.../gmail-commander/scripts), meaning it ingests untrusted, user-generated email content which the agent reads and uses to drive notifications and triage decisions.