macos-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly reads and returns arbitrary external email content from Mail.app (e.g., scripts/message/get.applescript, list.applescript, search.applescript) — which is untrusted, user-generated third‑party content — and includes actions that can send or reply (scripts/message/send.applescript, scripts/message/reply.applescript), so that third‑party message content could be interpreted and materially influence agent decisions or tool use.