apple-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and parses arbitrary, user-generated email content from the local Apple Mail store (Envelope Index at ~/Library/Mail/V{9,10,11}/MailData/ and emlx files) as part of its normal workflow (see mail-read.sh, mail-read-emlx.py, mail-search.sh, mail-list.sh), so untrusted third-party messages could contain instructions that influence subsequent actions.