agent-email-inbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests inbound email bodies from external senders via resend.emails.receiving.get in the webhook flow (see "Webhook Endpoint" in SKILL.md), then passes that untrusted, user-generated email content to agent.processEmail, meaning third-party emails can directly influence agent actions.