google-workspace-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill dynamically fetches external content via Google APIs (e.g., it reads Drive/Docs/Gmail content with commands like "gws docs documents get" and "gws gmail users messages get" and also reads Google's Discovery Service at runtime), so the agent will ingest user-generated/untrusted third-party content that can influence subsequent actions (see SKILL.md commands and recipes such as "recipe-draft-email-from-doc" and "gws docs documents get").

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). High-confidence flag: the skill explicitly fetches Google's Discovery service at runtime (https://developers.google.com/discovery) to dynamically build its entire command/tool surface, meaning remote content directly controls what prompts/tools the agent exposes and relies on that external content as a required dependency.