poffice-admin

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes example commands that pass plaintext passwords as command-line arguments (e.g., python3 ... create-mailbox ... password), which requires the agent to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly ingests and processes untrusted, user-generated content — e.g., reading arbitrary emails via scripts/poffice_imap.py, listing/downloading user files from Seafile in scripts/poffice_docs.py, listing/uploading Paperless documents in scripts/poffice_paperless.py, and reading SOGo calendar event data in scripts/poffice_calendar.py — any of which could contain indirect prompt-injection content.