afrexai-email-to-calendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scan unread emails and forwarded/pasted emails from the user's inbox (see "Quick Start" and "Batch Processing: Fetch unread emails"), which are untrusted third‑party messages the agent reads and then uses to create/update calendar events or reminders—allowing maliciously crafted email content to influence agent actions.