email-imap-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches user-generated, untrusted email content from configured IMAP accounts (via IMAP_ACCOUNTS_JSON / IMAP_ACCOUNT_IDS or IMAP_HOST envs) and forwards snippets and composed message text to OpenClaw webhooks (see compose_webhook_message/send_openclaw_webhook in scripts/imap_idle_fetch.py), so third-party email content will be read by downstream agents and can influence their actions.