GHSA-hjwc-26pj-v3pm: AgenticMail: Cross-agent task authorization bypass in AgenticMail API
A low-privileged authenticated AgenticMail agent can enumerate another agent’s pending/claimed tasks by supplying the target agent name to GET /api/agenticmail/tasks/pending?assignee=<name>. The returned task objects include the task IDs and payloads. The same task IDs can then be used with the capability-style task mutation endpoints (/tasks/:id/claim, /tasks/:id/result, /tasks/:id/complete, /tasks/:id/fail) to claim, complete, or fail tasks assigned to a different agent.
Because ordinary authenticated agents can discover agent names through GET /api/agenticmail/accounts/directory, the task ID effectively stops being a secret capability. This turns the intended capability model into a cross-agent authorization bypass.
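To make the authorization gap concrete, here is an added example (not AgenticMail's own code) that models the listing and claim endpoints in memory, with the weak check that relies on task-ID secrecy beside a hardened check that binds every read and mutation to the authenticated agent. Agent names, task IDs and payloads are constructed; the same ownership check applies to the result, complete and fail operations.

```javascript
// Constructed in-memory task store: two agents, one pending task each.
function makeStore() {
  return new Map([
    ["task-1001", { id: "task-1001", assignee: "agent-alpha", status: "pending", payload: "summarize inbox" }],
    ["task-1002", { id: "task-1002", assignee: "agent-beta", status: "pending", payload: "draft reply" }],
  ]);
}

// Weak listing: trusts the caller-supplied assignee filter, so any authenticated
// agent can read another agent's pending task IDs and payloads.
function listPendingWeak(store, caller, query) {
  const assignee = query.assignee || caller;
  return [...store.values()].filter((t) => t.assignee === assignee && t.status === "pending");
}

// Hardened listing: the assignee is always the authenticated caller; a filter
// naming anyone else is refused rather than silently honoured.
function listPendingHardened(store, caller, query) {
  if (query.assignee !== undefined && query.assignee !== caller) return { status: 403, tasks: [] };
  return { status: 200, tasks: [...store.values()].filter((t) => t.assignee === caller && t.status === "pending") };
}

// Weak claim: the task ID is the only "capability", so a discovered ID suffices.
function claimWeak(store, caller, taskId) {
  const t = store.get(taskId);
  if (!t) return { status: 404 };
  Object.assign(t, { status: "claimed", claimedBy: caller });
  return { status: 200, task: t };
}

// Hardened claim: ownership is re-checked on every mutation, not just at listing time.
// Unknown and foreign IDs get the same 404 so the endpoint cannot confirm that
// another agent's task exists; a second claim of an owned task is a 409.
function claimHardened(store, caller, taskId) {
  const t = store.get(taskId);
  if (!t || t.assignee !== caller) return { status: 404 };
  if (t.status !== "pending") return { status: 409 };
  Object.assign(t, { status: "claimed", claimedBy: caller });
  return { status: 200, task: t };
}
```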