google-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and workflow examples show the agent reading and processing user-generated Google Workspace content (e.g., "gws gmail users-messages list/get" and the "Pipeline: Find → Process → Act" that extracts email subjects and then runs follow-up gws commands), so the agent ingests untrusted third-party content from Gmail/Drive/Docs which could materially influence subsequent tool actions.