inbox-reply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads lead emails and full conversation threads from Instantly Unibox (e.g., GET /emails and GET /emails?search=thread:{thread_id} in SKILL.md and references/instantly-inbox-api.md), which are untrusted, user-generated messages that the agent must interpret to classify intent and draft/send replies, enabling potential indirect prompt injection.