spark-persona-exec-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and interprets user email threads and inbox content via commands like "spark emails Inbox --filter ..." and "spark thread " (untrusted, user-generated third-party messages) and uses that content to draft replies and drive scheduling actions, so external message content could indirectly inject instructions affecting agent behavior.