newsletter-signal-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch newsletter emails via the AgentMail API (Phase 1), extract and strip the full email body for analysis (Phase 1/3), and then use those snippets to drive keyword-matching, digests and recommended actions (Phase 3/4), meaning untrusted third-party newsletter content can directly influence the agent's decisions and next actions.