agentmail-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests untrusted, user-generated content (email bodies, HTML, attachments) delivered to the agent via WebSockets and webhooks (see SKILL.md and references/websockets.md and references/webhooks.md) and instructs the agent to process that message content (e.g., process_email, using extracted_text), so third-party content can directly influence actions like replies, forwards, drafts, and label updates.