Sales Email Automation (IMAP/SMTP)

This skill bundle automates B2B sales workflows by integrating email (IMAP/SMTP), CRM (OKKI), and LLMs. It is classified as suspicious due to critical shell injection vulnerabilities in auto-capture.js and kb-retrieval.js, where untrusted data from email subjects or domains is passed directly into execSync calls to execute local Python scripts. While the bundle demonstrates benign intent through extensive documentation and security features like file path whitelisting in scripts/imap.js and scripts/smtp.js, the unsafe handling of external input when constructing shell commands presents a significant security risk that could allow an attacker to execute arbitrary code on the host system.