chief-of-staff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's generate-newsletter-digest workflow (.claude/commands/generate-newsletter-digest.md) explicitly fetches newsletter content from Gmail (including inspecting "view in browser" URLs and links to Substack/Buttondown/Beehiiv/etc), then spawns Haiku/Opus agents to read, triage, and extract facts that directly determine which items are kept and what actions/APIs are called—meaning untrusted, third‑party content is ingested and can materially influence agent decisions and tool use, creating a risk of indirect prompt injection.