ops-inbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime workflow (SKILL.md) explicitly fetches and ingests user-generated third-party content — e.g., Gmail threads via gog gmail thread get, WhatsApp via wacli messages list, Slack/Telegram via MCP tools, Discord via ops-discord read, and Notion comments via notion-get-comments — and then reads/interprets that content to draft and send replies or take actions, so untrusted content can materially influence agent behavior.