postbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask for, store, and use the user's Postbox API key in subsequent API calls (including Authorization headers and curl/HTTP requests), which requires the model to emit the secret verbatim and thus poses a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/api.md) explicitly instructs the agent to call public Postbox endpoints (e.g., GET https://usepostbox.com/api/{opaque_segment}/f/{slug}, GET/POST /api/forms, GET /api/knowledge_bases, and listing submissions) to read form schemas, user-submitted submissions, and user-provided knowledge-base content — all untrusted, user-generated third-party content that the agent is expected to interpret and that can materially change subsequent tool use or actions.