email-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime code (scripts/email_client.py and scripts/check_email.py, referenced in SKILL.md and config/accounts.json) fetches emails from arbitrary IMAP accounts (third‑party, user-generated content) and the project explicitly generates AI summaries and reply drafts (scripts/reply_draft.py) that the agent reads and that influence notifications and subsequent send actions, so untrusted email content can alter agent behavior.