spark-recipe-vacation-catchup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read user email threads from the inbox (e.g., Step 2/Step 3: "spark thread " and the various "spark emails Inbox --filter" commands in SKILL.md), which are untrusted, user-generated third-party messages that the agent must interpret to decide actions like archive, markAsSeen, snooze, or contact-action—creating clear potential for indirect prompt injection.