google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly searches and downloads user/third-party-generated content from Google Drive and Gmail (e.g., scripts/gdrive_transcript_search.py's get_file_content, scripts/gdrive_search.py and the Gmail/Calendar search reference docs shown in SKILL.md), reads that content as part of its workflow, and uses it in follow-up actions (document generation, folder creation), so untrusted file/email content could indirectly inject instructions.