email-imap-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches full email payloads from arbitrary IMAP mailboxes configured via environment variables (IMAP_ACCOUNTS_JSON / IMAP_ACCOUNT_IDS) and then extracts snippets and forwards those messages to OpenClaw webhooks (see scripts/imap_idle_fetch.py and references/env.md / SKILL.md), so untrusted, user-generated email content can be read and can materially influence downstream agent behavior.