qq-email-operator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider-authored email body text is fetched at runtime via QQ IMAP (mail.fetch(..., "(BODY.PEEK[])") in cmd_read) and then printed as readable prose (body = get_email_body(msg)), which would be ingested into the agent/LLM context if the workflow relays command output.