newsletter-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly fetches and ingests external newsletters from Gmail (e.g., via "gog gmail search" and "gog gmail thread get" for Substack/Beehiiv/convertkit, processed by extract_email.py), and the agent is expected to read/interpret that untrusted third‑party content to categorize, extract actionable steps, and drive Obsidian/Gmail actions, so external content could inject instructions that influence subsequent behavior.