detecting-email-forwarding-rules-attack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime script scripts/agent.py explicitly fetches user-created mailbox rules from the Microsoft Graph API (GET https://graph.microsoft.com/v1.0/users/{user-id}/mailFolders/inbox/messageRules) and analyzes those rules to produce findings and drive decisions, meaning it ingests untrusted/user-generated third‑party content that can influence actions.