gmail-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (see SKILL.md and src/dist gmail-broker) explicitly calls GMAIL_FETCH_EMAILS and GMAIL_FETCH_MESSAGE_BY_MESSAGE_ID to retrieve message snippets and full email content from a user's Gmail mailbox, which are untrusted/user-generated third‑party contents that the agent will read and could influence subsequent actions.