himalaya

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and references/configuration.md show the agent will connect to arbitrary IMAP/SMTP servers and run commands like himalaya envelope list, himalaya message read, and himalaya attachment download, meaning it fetches and processes untrusted, user-generated email content from third-party mail servers which could contain instructions that materially influence actions.