microsoft-outlook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests arbitrary user-generated email content via the Microsoft Graph API (see scripts/microsoft.ts calls to GET /me/messages and /me/messages/{id}/$value and the SKILL.md "messages"/"download" commands), so untrusted third-party email content is read/downloaded and could materially influence agent behavior.