action-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Available Context Methods" and examples explicitly show handlers using context.fetch("https://...") and context.callAgent(..., tools: ["Read","WebSearch"]) (see "External API access" and "AI-Powered Email Processing" examples), which means action handlers can fetch and ingest content from arbitrary public URLs/web searches and then use that content to decide and perform follow-up actions (send/forward/label emails), exposing the agent to untrusted third-party content that could carry indirect prompt injection.