Skills
skills/akillness/skills-template/google-workspace/Snyk

google-workspace

Fail

Audited by Snyk on Mar 29, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext secrets (e.g., 'password': 'TemporaryPassword123!' in the Admin SDK user creation and explicit service-account/credentials filenames), which encourages placing secret values verbatim into API requests or generated code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and scripts/gws-helper.py explicitly read and process user-generated Google Workspace content (Gmail messages, Drive/Docs files, Sheets, and Forms responses via the Google APIs) and then use that content at runtime to drive actions like sending emails, creating/sharing documents, and updating sheets, so untrusted third-party content could indirectly inject instructions that affect agent behavior.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 02:29 AM
Issues
2