gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses emails from a user's Gmail inbox via scripts/read_emails.py and scripts/search_emails.py (Gmail API) and uses those untrusted, user-generated messages to categorize, summarize, and drive drafting/response actions, so external email content could carry instructions that influence agent behavior.