competition-mailbox-abuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). High risk: the skill explicitly tracks tokens, consent grants, token claims, and asks for the "smallest replayable sequence" and message-trace/audit evidence, which encourages capturing and outputting sensitive tokens/session values verbatim for reproduction or tracing.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly documents and instructs how to perform and reproduce mailbox-based abuse (OAuth/consent/token abuse, inbox/forwarding/transport rules, delegate/shared-mailbox access) to achieve persistence and silent data exfiltration, and therefore materially facilitates malicious activity.