recipe-batch-reply-to-emails

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and reads user-generated email content from Gmail (see steps using "gws gmail users messages list" and "gws gmail users messages get"), so the agent ingests untrusted third-party messages that could contain instructions influencing replies or subsequent actions.