gws

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly reads and interprets user-generated, potentially untrusted content from Google Workspace (e.g., SKILL.md / references show commands like gws gmail +triage, gws gmail users messages get, gws drive files get, gws docs documents get, and workflows like +meeting-prep and +email-to-task) which fetch emails, Drive files, and Docs and can materially influence actions (creating tasks, announcements, or other tool use), exposing the agent to indirect prompt injection risk.