gpc-sdk-usage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes a "List and respond to reviews" workflow that calls client.reviews.list to fetch Google Play user reviews (public, user-generated) and then programmatically replies based on their content, meaning untrusted third-party content is read and can directly influence actions.