email-whiz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user emails from arbitrary senders via gmail_search_emails and gmail_read_email (see SKILL.md Phase 0 discovery and Triage Pass 3 / Security Gate), and uses that untrusted, user-generated third‑party content to make decisions and drive actions (filter creation, batch modifications, auto-rules), so it exposes the agent to indirect prompt-injection risk.