email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "receive verification emails" and to "Read inbox" via the agentmail REST/CLI endpoints (e.g., GET /v0/inboxes/$AGENTMAIL_EMAIL/messages and threads), meaning the agent will fetch and interpret untrusted, user-generated email content that can contain actionable instructions (verification links or replies) which may influence subsequent tool use and decisions.