communication-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes arbitrary user-provided communications (emails, pasted chat logs, and screenshots from platforms like Gmail, Slack, Teams, Discord) using tools like mu, Claude Vision, and markitdown, which exposes the agent to untrusted third‑party/user‑generated content that it reads and interprets at runtime.