persona-sales-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to read and act on client emails and other user-generated content (e.g., "gws gmail +triage" and "gws workflow +email-to-task" plus spreadsheet/Drive interactions), so the agent ingests untrusted third-party content (emails, sheets, drive files) that can directly influence actions.