1. Critical Prompt Injection Vulnerability: Untrusted Email Content Directly Passed to Claude API
A critical security flaw exposes multiple core services of an email automation system to prompt injection attacks. The vulnerability stems from a fundamental design failure: attacker-controlled email content—including the body, subject, and sender fields—is passed directly into prompts for the Claude API without any da...