postmark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The postmark-inbound skill (postmark-inbound/SKILL.md and its references like handler-examples.md and payload-structure.md) explicitly instructs the agent to accept and parse arbitrary incoming emails delivered as POSTed JSON (StrippedTextReply, MailboxHash, Attachments) from external senders and to route/act on that content (reply-by-email, command processing, ticket creation), meaning untrusted third-party content is read and can materially influence actions.