email-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes webhook payloads and API responses from external providers (see the Webhooks sections in SKILL.md and templates/mailgun-webhooks.ts, plus verify/handle webhook code for Resend/SendGrid/Mailgun/SMTP2Go) and uses fields like event.data.email and event.url to make state-changing decisions (unsubscribe, mark invalid), so untrusted/third-party content can directly influence actions.