qq-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (scripts/receive.js and scripts/get-body.js) connects to imap.qq.com and fetches arbitrary emails from the user's mailbox (parsed by mailparser) so the agent will read untrusted, user-generated third‑party content as part of normal operation, which could contain instructions that materially influence follow-up actions (e.g., forwarding or replying).