email-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and reads Joel's Front email conversations via the joelclaw email CLI (e.g., joelclaw email inbox and joelclaw email read --id ...) and uses those untrusted, user-generated email messages to decide triage actions (archive, reply, draft), so third-party content could indirectly inject instructions into the agent's decision/action flow.