google-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and ingests Google Docs content via the Docs API (see SKILL.md "Read Document" workflow and scripts/docs_manager.rb read_document) and uses that user-generated document text to plan edits and drive downstream actions (e.g., index calculations, find/replace, and integration-patterns.md shows passing document content to Claude), so untrusted third‑party document contents can materially influence tool behavior.