gmail-invoice-processor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and parses arbitrary emails and PDF attachments from the user's Gmail inbox (see SKILL.md, references/workflow.md, and scripts/gmail_attachment_helper.py), so it reads untrusted, user-generated third‑party content that directly influences extraction decisions and recommendations.