utoronto-outlook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill connects to outlook.office365.com via IMAP and exposes the agent to arbitrary, untrusted user-generated email content (e.g., list_messages, get_message, search) which the agent reads and could contain indirect prompt-injection.