google-email

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and processes user emails and attachments from third-party senders via the Gmail API (see SKILL.md and scripts like scripts/list_messages.py and scripts/download_attachments.py), meaning untrusted, user-generated message content is ingested and could materially influence agent actions (e.g., labeling, sending drafts, automated workflows).