google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and reads Google Docs content (see SKILL.md instructions to trigger on docs.google.com URLs or Doc IDs and the gws docs documents get flow) and the bundled scripts/extract-doc-text.py parse and output arbitrary document text, so untrusted user-generated doc content can be ingested and influence subsequent agent actions.