detecting-business-email-compromise-with-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs connecting to Microsoft Graph or Google Workspace APIs to scan inbound email (SKILL.md Step 1) and the included scripts (scripts/agent.py and scripts/process.py) ingest and analyze email text/JSON, so it reads untrusted, user-generated third-party email content that directly drives decisions like auto-quarantine.