outlook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user emails, message bodies, and attachments from Microsoft Graph endpoints (e.g., scripts/outlook-mail.sh calling /me/messages and attachments and scripts/outlook-calendar.sh calling /me/calendar/... ), and those untrusted, user-generated emails/attachments are read, captured to the "brain", and used to create drafts/replies or schedule events—so third-party content could supply instructions that influence subsequent actions.