client-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The process_feedback.py script calls gws to fetch Gmail messages and download attachments and SKILL.md explicitly tells the agent to read the generated report.json and full body text files to triage and create GitHub issues, so untrusted, user-generated email content from Gmail can directly influence the agent's decisions and actions.