google-docs-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly exposes commands like "get-text" (and reading by full URL) and "find" that fetch and read Google Docs — user-generated third-party content — which the agent ingests and can use to drive subsequent actions (append/replace), creating risk of indirect prompt injection.