email-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to monitor and fetch emails via the Feishu API and IMAP (e.g., check_unread_emails and email-monitor.js), which ingests untrusted, user-generated third-party email content that the agent is expected to read and act on (e.g., notify or send replies), enabling indirect prompt injection.