check-unread-emails

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bundled scripts (scripts/check_new_emails.py and scripts/get_recent_emails.py) use AppleScript to read full message content from the user's Mail.app inbox (external, user-generated emails), and SKILL.md requires the agent to parse and categorize that untrusted email content to drive prioritization and suggested actions—allowing instructions in emails to influence decisions and next steps.