send-email

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for SMTP passwords/authorization codes/API keys and instructs embedding them verbatim into generated commands/scripts (e.g., --password in CLI examples and executing send_email.py with collected credentials), which requires the LLM to handle and output secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains unsafe credential-collection and social-engineering behaviors (explicitly asking users to provide SMTP passwords/authorization codes and insisting on using a default shared sender account) which present a high risk of credential theft, although the code itself contains no obfuscated payloads, exec/eval, or remote backdoor functionality.