himalaya

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to IMAP/SMTP backends (see references/configuration.md IMAP settings) and its SKILL.md lists commands like "himalaya envelope list" and "himalaya message read" that fetch and display user-generated emails from external mail servers, which are untrusted third-party content that could contain instructions influencing subsequent actions (move, delete, download attachments).