gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and returns user email content from Gmail (e.g., GET /google-mail/gmail/v1/users/me/messages and GET /google-mail/gmail/v1/users/me/messages/{messageId}), which is arbitrary third-party/user-generated content that the agent would parse and could contain indirect prompt injections.