google-workspace
Warn
Audited by Snyk on Mar 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly reads and processes untrusted user-generated content: emails and message bodies via scripts/gmail.py (read/thread and reply/reply-all), and Drive/Docs content via scripts/google_drive.py and scripts/google_docs.py (including insert-image from arbitrary public URLs). It then performs actions (create/send drafts, modify docs, create events, set filters) based on that content, so third-party content can influence tool use and agent behavior.
Audit Metadata