google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on user-generated third-party content from Google Workspace (e.g., gws gmail +triage / recipe-draft-email-from-doc.md reads Gmail and Docs content, gws sheets +read, and gws drive files get or file-announce which fetches Drive metadata/content) and then uses that content to compose/send messages or perform actions, so untrusted external content could indirectly inject instructions.