gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and decodes arbitrary user emails from Gmail (see scripts/read.mjs, list.mjs, search.mjs, reply.mjs, draft.mjs which call gmail.users.messages.get / threads.get and decode message bodies), so it ingests untrusted, user-generated third‑party content that the agent reads and which could influence follow-up send/reply/draft actions.