speaking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow explicitly instructs the agent to search and read Gmail threads and to fetch a Google Sheet (see the gog gmail search/read and gog sheets get commands in SKILL.md), which ingests untrusted user-generated third-party content that the agent must interpret and that can materially influence its decisions and follow-up actions.