watcher-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-generated, third-party content (e.g., examples.md: GmailWatcher.get_email_content reads full email bodies from the Gmail API and WhatsAppWatcher.check_for_updates scrapes WhatsApp Web via Playwright) and writes that content into action files (create_action_file) whose priority/suggested actions can influence downstream behavior, so untrusted external content could indirectly inject instructions.