qq-email-operator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly connects to imap.qq.com and fetches/parses email messages (see scripts/qq_email.py: connect_imap, get_email_body, cmd_read and cmd_reply) and SKILL.md explicitly describes reading/searching/replying to the QQ inbox, so untrusted, user-generated email content is ingested and can materially influence replies or subsequent actions.