Skills
skills/akillness/oh-my-skills/google-workspace/Snyk

google-workspace

Fail

Audited by Snyk on Apr 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes explicit plaintext credentials (e.g., 'password': 'TemporaryPassword123!') and examples referencing service-account key files, which encourage embedding secret values verbatim in code or requests, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and scripts/gws-helper.py explicitly read and process user-generated Google Workspace content (Gmail messages, Drive/Docs files, Sheets, and Forms responses via the Google APIs) and then use that content at runtime to drive actions like sending emails, creating/sharing documents, and updating sheets, so untrusted third-party content could indirectly inject instructions that affect agent behavior.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 07:59 AM
Issues
2