google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests user-generated content via Google Workspace APIs — e.g., references/chat-api.md shows listing spaces and handling chat events (reading MESSAGE events from request.json()), and templates/oauth-worker.ts fetches Gmail data via gmail.googleapis.com — so the agent will read/interpret untrusted user messages/emails from third-party accounts.