process-email-bookmarks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads bookmark URLs extracted from Gmail threads and explicitly instructs (in SKILL.md Step 2, the Example, and the Rules "Always fetch full content") to fetch and extract content from those external webpages, which are untrusted third-party sources that could contain malicious or instruction-like content.