email-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and reads user-generated emails from Gmail via the AtrisOS API endpoints (e.g., GET /api/integrations/gmail/messages and GET /messages/{message_id} shown in SKILL.md) and then uses that message content to draft replies, decide archives, and drive send/archive actions, which exposes the agent to untrusted third-party content that could influence behavior.