agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill registers and processes incoming email webhooks (see SKILL.md "Webhooks for Real-Time Processing" and references/WEBHOOKS.md) and the example handlers in references/EXAMPLES.md accept and parse arbitrary, user-generated email content (subject/text/attachments) from external senders and then take actions (auto-replies, create GitHub issues, route messages, start tasks), so untrusted third-party content can directly influence tool use and agent decisions.