newsletter-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests email content from arbitrary AgentMail inboxes via client.inboxes.messages.list (scripts/scan_newsletters.py) and then directly scans email subject/body (scan_message / get_message_text) to drive campaign matches and downstream skill chaining, meaning untrusted third-party newsletter content can materially influence agent actions.