gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and displays user-generated email content from Gmail via the Gmail API (e.g., gmail_client.py's list_messages/get_message and the CLI viewers scripts like scripts/read_message.py and scripts/list_messages.py), so the agent will read and interpret untrusted third-party messages and attachments, allowing indirect prompt injection.