apple-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's AppleScript-based scripts (notably scripts/get-emails.sh, scripts/get-email-by-id.sh, and scripts/search-emails.sh) read and parse arbitrary email content from Mail.app mailboxes (external/user-generated emails), which the agent consumes as part of its workflow and therefore could enable indirect prompt injection.