himalaya

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md and references/configuration.md explicitly show the skill connects to IMAP/SMTP backends and performs actions like "himalaya envelope list", "himalaya message read", and "himalaya attachment download", meaning the agent ingests user-generated emails from third‑party mail servers that could contain instructions influencing replies/forwards or other actions.