gws-workflow-email-to-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states it "Reads the email subject as the task title and snippet as notes," so it ingests untrusted, user-generated Gmail message content and uses it to create tasks, allowing third-party content to influence agent behavior.