inboxmate-demo

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes prospect company websites (homepage, /about, /products, /pricing, /faq, /contact, etc.) via WebFetch and the MCP scrape_and_build_knowledge / add_to_bucket calls. It ingests those pages as knowledge items (with sourceUrl) that are then used to build system prompts, knowledge, and agent behavior, exposing the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches external website content and injects it into the agent at runtime, via WebFetch / the MCP scrape_and_build_knowledge tool, for pages such as https://[company-domain]/about, https://[company-domain]/products, https://[company-domain]/pricing. The fetched content is used as required knowledge that directly controls the agent's responses.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 01:03 PM
Issues: 2