gmail-multi-inbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scans the user's Gmail using a third-party Gmail MCP connector (see "Initial Setup → Step 1: Scan Gmail" which calls search_gmail_messages) and ingests untrusted, user-generated email senders/subjects to build sender/domain lists and generate Apps Script that creates/deletes filters and labels, so remote content directly influences actions and tool behavior.