roundcube-webmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (notably scripts/read-mail.js and the SKILL.md/README instructions) use Playwright to log into the Roundcube webmail at WEBMAIL_URL (https://mailbox.naist.jp/roundcube/), scrape user-generated email content from the inbox, and then display/post those emails to chat/Slack, meaning untrusted third-party email content is read and can influence agent outputs and actions.