gws

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read user-generated/untrusted content from Google Workspace services (e.g., "gws gmail users messages get", "gws drive files get", and other Gmail/Drive/Docs examples, plus MCP server integration) which the agent is expected to interpret and act on (triage, create/send, automate), so third-party content could materially influence tool use and enable indirect prompt injection.