email-management-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to call MCP tools that read and preview user mailbox content—e.g., search_emails, get_email_with_content, and get_email_thread—which ingest arbitrary external/user-generated emails from the user's inbox and thus could contain untrusted instructions.