email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses emails from external IMAP servers (scripts/email_tool.py — e.g., cmd_read, cmd_search_links, cmd_download) and extracts/acts on untrusted, user-generated content and HTML links from mail messages (as documented in SKILL.md), which can materially influence actions like downloading attachments or moving messages.