mailhog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads and acts on captured email contents from the MailHog API (e.g., curl requests to http://localhost:8025/api/v1/messages and the WebSocket at /api/v1/websocket in SKILL.md and references/api-endpoints.md, plus scripts like scripts/test_email_workflow.sh and scripts/send_test_email.sh that parse message bodies and perform actions such as search, assertions, deletion, or release), so untrusted/user-generated email content could be ingested and materially influence decisions or tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install/update flow in scripts/mailhog_manager.sh performs runtime downloads and execution of a MailHog release via calls to https://api.github.com/repos/mailhog/MailHog/releases/latest and the derived https://github.com/mailhog/MailHog/releases/download/... URL, which fetches remote binaries that the script then unpacks/moves and may execute—constituting a runtime fetch that executes remote code and is a required dependency.