gmail-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and read incoming emails via GMAIL_FETCH_EMAILS and GMAIL_GET_THREAD (reading third-party, user-generated email content) and then to perform actions like GMAIL_REPLY_TO_EMAIL and GMAIL_BATCH_MODIFY_MESSAGES, so untrusted email content could contain instructions that materially influence tool use.