email-pro-optimized

The bundle contains scripts for automated Git operations (auto-push.py and sync-updates.py) that perform 'git add', 'commit', and 'push' on the local skill directory, which could facilitate unintended code or data exfiltration if the remote repository is untrusted. Additionally, scripts/authorize-outlook.sh contains hardcoded OAuth credentials (Client ID: 0360031a-ad0e-4bce-9d2f-0c53eda894b8, Secret: 914fb58f-4aea-4ddb-bb97-51d66581cfee) for a specific Azure tenant. The code also exhibits shell injection vulnerabilities in auto-push.py and sync-updates.py due to the use of subprocess.run(shell=True) with constructed strings.