google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-provided and third-party content (e.g., Gmail messages via get_gmail_message_content, Drive/Docs/Sheets via get_drive_file_content/get_doc_content/read_sheet_values, Chat via get_messages, Forms responses, and a Programmable Search Engine via search_custom), so the agent will ingest untrusted/user-generated or public-web content that could carry indirect prompt-injection.