agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated email content via webhooks and API endpoints (see "Webhooks" and the "Webhook Event Payload" plus scenarios like "Generate a response with your LLM" and "Read the full thread" / downloading attachments), so incoming emails/attachments can indirectly inject instructions that the agent will read and act on.