google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and templates explicitly show reading user-generated content from Google services (e.g., handling Chat 'MESSAGE' events in references/chat-api.md and fetching Gmail data in templates/oauth-worker.ts via the Gmail API), so the agent would ingest untrusted third-party user content that can influence actions.