newsletter-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scans emails from an AgentMail inbox (scripts/scan_newsletters.py uses client.inboxes.messages.list and the SKILL.md quick start describes scanning an AgentMail inbox), which are untrusted third‑party newsletters/user-generated messages that the agent reads and uses to decide matched campaigns and downstream actions, so third‑party content can materially influence behavior.