agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill ingests untrusted, user-generated content via incoming email webhooks (see SKILL.md and references/WEBHOOKS.md handling of "message.received" events and the webhook receiver examples), and the examples show the agent parsing email subject/body/attachments and taking actions (auto-replies, creating tasks, creating GitHub issues), so third-party content can directly influence agent behavior.