email-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "personal" provider explicitly uses IMAP/SMTP (imap-smtp-email/scripts/imap.js and related inbox-* commands in SKILL.md and email_gateway.sh) to fetch and read arbitrary user emails and attachments from external senders, so the agent will ingest untrusted, user-generated third-party content and act on it (search, fetch, download, forward), enabling indirect prompt injection.