weekly-report-to-annual

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to provide an email address and an application password and instructs connecting to IMAP to fetch emails, which requires the agent to handle and likely embed the secret (e.g., in connection code or commands), creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to a Feishu IMAP mailbox and fetches user emails (scripts/fetch_emails.py and SKILL.md "读取周报邮件"), then concatenates those untrusted, user-generated email bodies into the agent prompt (demo.py) to drive report generation, so external email content can materially influence the agent's outputs and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's fetch_emails.py connects at runtime to the Feishu IMAP server (imap.feishu.cn) to retrieve email bodies that are injected into the LLM prompt to generate the report, so external content from imap.feishu.cn directly controls the agent's prompt and is a required dependency.