frappe-core-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests untrusted user-generated email from the open internet via IMAP (see "Incoming Email Flow" in references/email-system.md and Communication DocType), parsing those messages into Communication records that can be linked to documents and trigger auto-replies/notifications, so third-party content can influence runtime actions.