google-docs-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly fetches and exposes user-generated Google Docs and comments via the Google Docs API (see the "Read Document Content" command and docs.documents().get / list comments in docs_skill.py), so arbitrary/untrusted document content could be read by the agent and materially influence subsequent actions (edits, exports, sharing), enabling indirect prompt injection.