gws-gmail-reply-all

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly operates on Gmail messages (using --message-id) and preserves quoted HTML/inline images and automatically determines recipients from the original message headers, which means it fetches and ingests untrusted, user-generated email content from third-party senders as part of its workflow and that content can change who is included or how replies are formed.