qq-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/receive.js and scripts/get-body.js) connect to imap.qq.com to fetch and parse arbitrary incoming emails (subjects, previews, and full bodies) from untrusted third-party senders, which the agent is expected to read and could contain instructions that materially influence subsequent actions.