email-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly integrates with Gmail and includes a GmailWatcher (examples.md — "Example 3: Gmail Watcher" / gmail_watcher.py) that fetches and decodes email bodies from external senders and uses those contents in classification, drafting, and send workflows (classify_email.py, send_email.py), meaning untrusted, user-generated email content is read and can materially influence actions.