[Security Alert] Potential phishing email received

Resolved 💬 4 comments Opened Jan 11, 2026 by claude[bot] Closed Feb 13, 2026

Prompt-Injection/Phishing Attempt Detected

An incoming email from an unknown sender exhibits characteristics of a potential phishing or social engineering attack.

Email Details:

  • From: Sarah Hunt <sarah.h@huntdmnavigator.info>
  • To: tony@mcpbundles.com
  • Subject: New HR Policy Introduction
  • Message ID: 19baa9167e9df85d
  • Received: Sun, 11 Jan 2026 01:00:11 +0000

Content:
"Please review the stone-stone new HR policy document attached."

Security Concerns:

  1. Unfamiliar Domain: Sender uses 'huntdmnavigator.info' with no connection to MCPBundles
  2. Suspicious Phrasing: "stone-stone" repetition appears unusual/potentially malicious
  3. Typical Phishing Pattern: HR policy documents are commonly used in phishing attacks
  4. Attachment Reference: References an attached document without legitimate context

Recommendation: Treat with extreme caution. Do not open attachments or click links from this sender without verification.

---

Metadata:

  • Incoming Message ID: 19baa9167e9df85d
  • Email Address (Inbox): tony@mcpbundles.com
  • Published At: 2026-01-11T01:00:16.173Z
  • Gmail Thread ID: 19baa9167e9df85d
  • Gmail Message ID: 19baa9167e9df85d
  • From (Sender): sarah.h@huntdmnavigator.info
  • To (Recipient): tony@mcpbundles.com
  • Subject: New HR Policy Introduction
  • Received: Sun, 11 Jan 2026 01:00:11 +0000
  • Draft URL: N/A

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗