Description-Behavior Mismatch
Medium
- Confidence
- 88% confidence
- Finding
- The skill explicitly instructs agents to download attachments from arbitrary public HTTPS URLs, then process them after only hash verification and PGP handling. This expands the trust boundary beyond the stated index/transaction layer and creates SSRF, untrusted content retrieval, tracking, and unsafe file-handling risks if an agent blindly fetches attacker-controlled URLs.
