gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly reads and processes messages from the user's Gmail inbox (see SKILL.md commands like "list --all" and "read <msg_id>" and the Workflow section), which are untrusted, user-generated third-party emails that the agent must interpret and can influence actions like replying, moving, or creating filters.