Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the agent can "Read inbox" and "Search messages" from external providers (Gmail, Outlook, IMAP), meaning it ingests untrusted, user-generated email content that could contain instructions influencing actions.
Audit Metadata