nylas-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, third-party user content via endpoints such as GET /v3/grants/{id}/messages, attachments download endpoints, notetaker media/transcripts, and webhook payloads (see AGENTS.md and rules/email-messages.md, rules/notetaker-meetings.md, rules/webhooks-notifications.md), and the agent is expected to read and act on that content (summaries, smart-compose, replies, sends), which could enable indirect prompt injection.