executive-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse user email threads and drafts, calendar events, Todoist tasks, and Granola meeting data (e.g., "gog --account ... gmail search", "gog --account ... calendar list", "todoist-cli review", "mcporter call granola query_granola_meetings") — all untrusted/user-generated third-party content the agent must read and act on (including deleting drafts and surfacing items), which could carry indirect prompt-injection instructions.