primitive-inbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to have the user read back a 6‑digit verification code and a signup-token and then embed those exact values into CLI commands (e.g., --verification-code, --signup-token), which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill “primitive inbox” reads inbound email content via primitive emails latest / primitive emails wait, and that inbound mail is authored by external third parties (outsider senders), which the runtime ingests as readable email text into the agent’s LLM context.