apple-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly reads email messages from Mail.app (see SKILL.md commands like "Get message content by index" and "Search and read first match" which return "content of msg"), and those messages are untrusted third-party/user-generated content that the agent is expected to interpret and that could materially influence its behavior.