email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP integration and inbox triage workflows (e.g., /email check -> skills/email-check/SKILL.md and the "MCP Integration" section listing search_gmail_messages, get_gmail_message_content, list-mail-messages, send-mail, etc.) clearly fetch and interpret user/third-party email content and use it to generate replies and take actions, exposing the agent to untrusted, user-generated content that could carry indirect prompt-injection instructions.