agentmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill ingests untrusted user-generated content via inbound emails and webhook event payloads (see "Webhook Event Payload" and the scenarios instructing GET /v0/inboxes/{inbox-id}/threads, GET message/attachment download_url and processing attachments), and explicitly directs the agent to read/classify that content with an LLM and then send replies or take follow-up actions, so third-party content can influence tool use and decisions.