google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill ingests and parses arbitrary user-generated email and calendar content via the Gmail and Calendar APIs (e.g., scripts/read_email.py, scripts/search_emails.py, scripts/needs_reply.py, scripts/search_events.py), so the agent will read untrusted third-party content that could carry indirect prompt injections.