use-spark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and ingests user email bodies, full threads, and meeting transcripts from the user's Spark mailbox (see SKILL.md: the "search" command returns email bodies, "thread" prints full threads, and "meeting"/"meetings" return transcripts) and the Typical Workflows instruct the agent to read that content and answer questions, so untrusted third-party messages could inject instructions that influence agent behavior.