google-drive
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill maps natural language commands to shell executions (e.g., python3 ... drive_operations.py upload <path>). User-provided inputs such as file IDs, names, and search queries are interpolated directly into these commands, creating a severe risk of command injection if the agent processes malicious strings.
- DATA_EXFILTRATION (HIGH): The share command allows the agent to grant external access to private files. An attacker could use indirect prompt injection (e.g., via a malicious file name) to trigger this capability and exfiltrate sensitive data to an unauthorized email address.
- CREDENTIALS_UNSAFE (MEDIUM): Setup instructions direct users to store GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET in a .env file at the root. Agents often have read access to environment files, making these credentials vulnerable to exposure through prompt injection.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill allows downloading arbitrary files from Google Drive to the local filesystem. This could be abused to pull malicious payloads onto the host system if the agent is manipulated into downloading from an attacker-controlled folder.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill has a significant attack surface as it ingests untrusted data (file names, metadata, and content) from Google Drive. There are no visible boundary markers or sanitization steps to prevent malicious instructions embedded in file metadata from hijacking the agent's logic during list or search operations.
Recommendations
- AI detected serious security threats
Audit Metadata