documents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "get" action calls docs.googleapis.com/v1/documents and maps "$response.body.content" into the agent output (and "list" returns user-owned doc metadata/webViewLink), meaning it ingests arbitrary user-generated Google Docs content from third-party accounts that the agent is expected to read and that could materially influence actions.