Email Fortress

The skill is an instruction-only policy that coherently tells an assistant to treat email as untrusted and require confirmation via a trusted channel before acting — it asks for no credentials, installs, or broad privileges.

This skill is a coherent, low-risk policy you can adopt to prevent email-based prompt injection. Before installing: (1) choose and specify a single trusted channel and verified user ID in the placeholders, (2) decide how forwarded summaries are handled (redact attachments, PII, or secrets), (3) confirm the agent will only update its own MEMORY.md/system prompt with your consent, and (4) test the workflow with harmless emails to verify it flags and waits for confirmation rather than acting. If the skill later requests credentials, downloads code, or asks for always:true, treat that as suspicious.