spark-persona-freelancer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read user-generated third-party email content (e.g., via "spark emails", "spark thread", and "spark search" in SKILL.md) and to draft replies or set reminders based on those messages, so untrusted external content can directly influence actions.