automating-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly reads and processes arbitrary email content from Mail.app (e.g., message.content/subject in scripts like scripts/extract_emails_to_contacts.py and scripts/search_and_archive.py and examples using Mail.inbox.messages), which are untrusted third‑party/user-generated messages and can be interpreted by the agent as part of its workflow, enabling indirect prompt injection.