Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill directly fetches and displays arbitrary user-generated Gmail content via the Gmail API (e.g., list(), read(), getThread(), getAttachment() and parseFullEmail/extractParts), so the agent will ingest untrusted third‑party messages and attachments that could contain indirect prompt-injection instructions.
Audit Metadata