implementing-mimecast-targeted-attack-protection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's agent code fetches and processes untrusted, user-generated email data from Mimecast (e.g., scripts/agent.py calls the Mimecast API endpoints like /api/ttp/url/get-logs and /api/ttp/impersonation/get-logs, and scripts/process.py and SKILL.md describe analyzing those URL/attachment/impersonation logs), which the agent reads and uses to make decisions (reports/audits/quarantine actions), so third-party content could indirectly inject instructions.