email-service-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests and renders arbitrary user-provided HTML as part of its workflow (e.g., EmailService.send_notification_email uses notification_data.get('html_content') rendered with {{ content|safe }}, and the Node.js service accepts htmlContent for emails), so it consumes untrusted third-party/user-generated content.