agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests arbitrary, user-generated emails and attachments delivered via webhooks or websockets (see references/webhooks.md and references/websockets.md where payload.message is passed to processEmail/process_email and websocket event handlers), so untrusted third-party content is read and processed and could influence agent actions.