orbit-gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the skill "pulls the past 24 hours of inbox activity ... from the user's authenticated Gmail connection" and the workflow requires the agent to read and render that live email content (and drive actions like "查看邮件并回复"), so untrusted third-party email content is ingested and can materially influence subsequent actions.