gws-gmail-reply-all

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly operates on Gmail messages via the required --message-id flag (i.e., it fetches message headers/body from users' inboxes), which are untrusted, user-generated third-party content used to determine threading and recipients and thus can materially influence reply behavior.