gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and decodes arbitrary user email content from Gmail via endpoints shown in SKILL.md (e.g., "List Messages", "Get Message", and "Decode Message Body" using the Gmail REST API), which are untrusted user-generated third-party messages that the agent is expected to read and could contain instructions that influence actions.