email-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the skill "Fetches recent emails" and runs the gmail-commander scripts (e.g., scripts/digest.ts and gmail-cli/gmail), so it ingests untrusted user-generated email content which the agent reads and triages to drive notifications/actions, exposing it to indirect prompt-injection.