First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
10
Score
92/100
Findings (10)
Detects CLI tools granting unrestricted send/read access to email or messaging
gmail search 'is:important newer_thanRestrict email and messaging API access to user-initiated actions. Prevent automated sending that could exfiltrate data via email body or attachments.
Likely FP if the skill is an email client or messaging tool whose documented purpose is to send messages on behalf of the user.
Detects execution of shell script files via bash/sh command or direct invocation
bash skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash /path/to/skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects CLI tools granting unrestricted send/read access to email or messaging
gmail search 'is:important OR is:starred newer_thanRestrict email and messaging API access to user-initiated actions. Prevent automated sending that could exfiltrate data via email body or attachments.
Likely FP if the skill is an email client or messaging tool whose documented purpose is to send messages on behalf of the user.
Detects CLI tools granting unrestricted send/read access to email or messaging
gmail search 'is:important is:unread newer_thanRestrict email and messaging API access to user-initiated actions. Prevent automated sending that could exfiltrate data via email body or attachments.
Likely FP if the skill is an email client or messaging tool whose documented purpose is to send messages on behalf of the user.
Detects CLI tools granting unrestricted send/read access to email or messaging
gmail search 'label:work is:important newer_thanRestrict email and messaging API access to user-initiated actions. Prevent automated sending that could exfiltrate data via email body or attachments.
Likely FP if the skill is an email client or messaging tool whose documented purpose is to send messages on behalf of the user.
Detects execution of shell script files via bash/sh command or direct invocation
bash skills/morning-email-rollup/rollup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.