Supply-chain threat intelligence
Risk score: 92
Indexed incident for tax4all-components (npm).
The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/joaofr.gg@gmail.com — the package author's personal Gmail address — with no prop or configuration option to override the destination. When a downstream application embeds this component, every submission (full name, phone number, corporate email, company name, Brazilian CNPJ tax ID, role, and message body) is POSTed to the author's mailbox instead of the integrating application's backend. Developers consuming a generic 'contact form' component reasonably expect submissions to go to their own server; the hardcoded destination causes silent exfiltration of end-user PII and business data through normal use of the advertised API.
Affected versions
Indicators
Timeline