gmail-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and Implementation Guide explicitly show a "Gmail Trigger" and scripts (e.g., processNewEmails) that read emails and attachments from arbitrary external senders and then parse/ocr content to drive actions (uploading, labeling, forwarding, spreadsheet updates), so untrusted third-party email content is ingested and can materially influence behavior.