agentmail

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt’s examples and SDK show API keys and Bearer tokens embedded directly in curl commands and code (e.g., Authorization: Bearer am_..., createClient({ apiKey: "am_..." })) and provide a webhook secret parameter for HMAC verification, which encourages handling secrets inline and would require the LLM to accept/emit secret values verbatim if real keys are used.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes inbound email and webhook deliveries from arbitrary external senders — see "Read inbox" and the "Common patterns — Sign up for a service and read verification email" sections that show the agent reading bodyText/bodyHtml, parsing verification links/codes, and downloading attachments — which are untrusted, user-generated sources that can materially influence agent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 3, 2026, 01:33 PM