microsoft-outlook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly reads and interprets user-generated, potentially untrusted email bodies, calendar event content, and attachments from Microsoft Graph (e.g., the "Read a message body" call to https://graph.microsoft.com/v1.0/me/messages/${MSG_ID} and the attachment download endpoints in SKILL.md), and those contents are used to compose replies, send mail, or change calendar items, so third-party content could influence agent actions.