fastmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and parses user-generated email and calendar content from Fastmail (via scripts/jmap-client.ts and scripts/caldav-client.ts) and the CLI/tools (see scripts/cli.ts reply_email/get_email and scripts/tools/calendar.ts parseEventData/respondToInvitation) explicitly read and act on that external message/ICS data, so untrusted third-party content can materially influence recipients, subjects, and subsequent actions.