google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted, user-generated content from Google services (e.g., Gmail via gmail/read_message.js & list_messages.js, Google Chat via chat/read_messages.js & get_eod_messages.js, Drive via drive/read_file.js, and Docs via docs/read_doc.js), and that content is used by the agent to drive actions (e.g., send_message.js, create_event.js), so third-party text could indirectly influence behavior.