google-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes actions like "Get Document — Gets the latest version of a document including its content and metadata" and describes running Membrane actions to fetch Google Docs content, which are user-generated/third-party and the agent is expected to read and act on that content, so malicious instructions in documents could influence subsequent actions.