gws-gmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes Gmail messages (see SKILL.md helper commands +triage, +reply, +forward, and +watch which read the user's inbox and act on message content), so it ingests untrusted, user-generated third-party email that could contain instructions influencing agent behavior.