gmail-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Gmail content (e.g., via GMAIL_FETCH_EMAILS with include_payload, GMAIL_FETCH_MESSAGE_BY_MESSAGE_ID, GMAIL_GET_ATTACHMENT, drafts/threads), so the agent will read arbitrary third-party emails/attachments from Gmail which could contain malicious or instructive content.