agentmail-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI exposes commands to list and retrieve inbox messages and threads (e.g., "agentmail inboxes:messages list" and "agentmail inboxes:messages retrieve"), which ingests untrusted, user-generated email content that the agent is expected to read and can influence replies/forwards and other actions.