agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows fetching and processing emails from third-party providers (e.g., "Integrate agentmail with email services like Gmail or Outlook" and CLI/API examples that "Fetch an email" and call /classify and /draft), so the agent ingests untrusted, user-generated email content that can directly influence classification, drafting, scheduling, and subsequent actions.