google-connect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user to "please paste" the Client ID and Client Secret and to add/update .env lines with those user-provided values, which requires the model to receive and potentially echo or embed secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill directly reads and processes user-provided third-party content from Google services (e.g., Gmail, Google Docs, Drive, Sheets) as shown by commands like "list emails", "read doc", and "list drive files", which exposes the agent to arbitrary external/user-generated content.