email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's email_manager.py (receive_emails / receive_emails_since) and the mail.py workflow explicitly connect to external IMAP/POP3 servers (QQ/163) and parse arbitrary incoming email bodies via get_email_content, so untrusted user-generated emails from the public internet are read/interpreted and can directly influence subsequent actions (e.g., reporting, deletion, or sending), enabling indirect prompt-injection risk.