google-docs

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and processes Google Docs and Drive content as part of its workflows (e.g., "scripts/docs_manager.rb read <document_id>" and Drive search in SKILL.md / integration-patterns.md) and also accepts arbitrary public image URLs for insertion ("insert-image" examples), so untrusted/user-generated third‑party content is ingested and can directly influence subsequent tool actions like replacements, inserts, and sharing.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 03:26 AM
Issues: 1