microsoft-graph-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill (e.g., emails.ts read / calendar.ts view) calls Microsoft Graph and ingests outsider-authored free text from the user’s mailbox/calendar—specifically email body/subject and calendar subject/bodyPreview—into the agent’s LLM context via the script’s JSON output (output() → console.log(JSON.stringify(response))).