newsletter-digest
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill explicitly reads and ingests third-party newsletter content from the user's inbox via the Gmail calls in "Phase 1: Retrieve Newsletter" (mcp__claude_ai_Gmail__gmail_read_message / gmail_search_messages). It additionally performs open web searches and enrichment via Exa ("mcp__exa__web_search_exa") in Phase 3. That external content is parsed and used to identify and prioritize articles and to drive analysis and next actions, so untrusted third-party content can materially influence the agent.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).