action-mailbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary external emails from third-party ingress providers and webhooks (e.g., Mailgun/SendGrid/Postmark/relay endpoints, the Rails conductor and uploaded .eml sources described in SKILL.md and reference.md), and instructs the agent to parse and act on subjects, bodies, attachments, and routing tokens — untrusted user-generated content that can materially influence processing and subsequent actions.