google-gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and interprets arbitrary user email content from Gmail via the Gmail API (see "Read a single message body", "Read a whole thread", and "Search by Gmail query" in SKILL.md) and can perform writes (send/modify messages), so untrusted, user-generated email content could contain instructions that materially influence the agent's actions.