agent-mail

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The presence of a raw GitHub install.sh from an unvetted username that the prompt explicitly tells users to curl | bash is a high‑risk pattern (direct .sh execution from an unknown repo); the 127.0.0.1 URLs are local UI endpoints (not inherently malicious) but could serve or control code installed by that script, so the overall source is suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on user-generated mailbox content (e.g., SKILL.md shows fetch_inbox / resource://inbox and summarize_thread workflows) and AGENTS.md documents a "Human Overseer" web-UI path that can send high‑importance messages which instruct agents to pause and perform tasks—so third‑party/untrusted message content is read and can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s installation instructions include curl-and-pipe commands that fetch and execute remote shell scripts at runtime (e.g. curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/mcp_agent_mail/main/scripts/install.sh?$(date +%s)" | bash), which directly executes external code and is therefore a high-confidence runtime RCE dependency.