agentmail-toolkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted, user-generated email content (including messages and attachments) via the listed tools such as get_inbox, list_threads, get_thread, and get_attachment (see "Available Tools" and the integration examples that register/use AgentMailToolkit), and those messages are intended to be read and acted on (send/reply/forward), so third‑party content can directly influence agent actions.