morning-email-rollup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly searches Gmail and "gets sender, subject, date, and body for each email" (SKILL.md "How It Works" and "AI Summarization"), and it passes the email body directly into the Gemini CLI prompt—meaning untrusted, user-generated email content can influence the model's outputs and behavior.