outlook-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads user-generated, potentially untrusted email and calendar content from the local Outlook session (e.g., SKILL.md and reference/cli.md show commands like uv run ... get --include-body, list --include-body-snippet, and calendar get --include-body) and those bodies can be used to create drafts/replies or drive actions, so third-party content can materially influence behavior.