email-triager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to ingest and process emails provided by the user (see SKILL.md "When asked to triage, sort, or process emails" and README usage "paste or forward them"), which are untrusted third-party/user-generated content that the agent must read and act on (triage, extract actions, draft replies), enabling indirect prompt injection.