m365

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and read mailbox and calendar items via Microsoft Graph endpoints (e.g., "m365 request --url 'https://graph.microsoft.com/v1.0/users//messages...'" and "m365 outlook message get"), which ingests user-generated/untrusted email and calendar content that the agent is expected to interpret and that can directly influence actions like sending mail or creating events.