bd-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Enrich from LinkedIn" in SKILL.md (public, user-generated profiles) and to read past email threads via the Gmail MCP in gmail-integration.md, so it ingests untrusted third-party content that will directly influence drafting and subsequent tool actions.