instant-agent-email-accounts-with-pigeonscale

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes arbitrary incoming email from third-party senders (see "Handling incoming mail content" and the OpenClaw "Runtime behavior" which runs pigeonscale mail watch and pigeonscale mail thread show), so untrusted user-generated content is read by the agent and could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running "npx -y pigeonscale@0.0.25 ..." which will fetch and execute remote npm package code at runtime (npx pulls code from the npm registry), so it is a runtime external dependency that executes remote code.