email-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The CLI's ingest workflow (SKILL.md and email_search/cli.py) together with email_search/pst_parser.py and attachment_extractor.py clearly parse and extract text from user-supplied PST archives and their email/attachment contents, which are stored and auto-embedded by email_search/store.py and then used for search, analytics, and exports — meaning arbitrary/untrusted third‑party email content is read and can materially influence the tool's behavior.