What happened
PraisonAI's AgentMail component (before 4.6.78) accepts unsigned webhook payloads, allowing an attacker to forge inbound email/message events with an arbitrary sender identity that the agent will process as legitimate.
Why it matters
This enables indirect prompt injection via spoofed 'trusted' senders, letting an attacker manipulate agent behavior (e.g., trigger financial or data-exfiltration actions) by impersonating a legitimate correspondent in an email-driven agent workflow.
Attack vector
PraisonAI AgentMail's webhook mode lacks signature verification, so unauthenticated attackers can POST crafted message.received events with spoofed sender addresses directly to the webhook endpoint, injecting arbitrary content into the agent's processing pipeline.
Affected systems
PraisonAI AgentMail before 4.6.78
Mitigation
Upgrade PraisonAI to 4.6.78 or later; enforce webhook signature/HMAC verification before processing any inbound message events.