gmail-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow (Step 1 and Step 3) and accompanying scripts (gws gmail users messages get piped into scripts/extract_newsletter.py) explicitly fetch and parse arbitrary external emails/newsletters from the user's Gmail (untrusted, user-generated third‑party content) and then use that content to decide categorization and mark messages as read, so third‑party instructions could influence agent actions.