google-drive
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Susceptibility to indirect prompt injection. Ingestion points: The drive_manager.rb script retrieves file metadata and downloads content from Google Drive. Boundary markers: There are no delimiters or instructions provided to the agent to disregard instructions found within processed files. Capability inventory: The skill provides tools for file deletion, sharing, and movement. Sanitization: No sanitization or filtering is applied to data retrieved from the Drive API.
- [COMMAND_EXECUTION]: The script enables sensitive operations such as permanent file deletion (bypassing trash) and permission modifications (sharing with external emails).
- [DATA_EXFILTRATION]: Excessive scope acquisition and sensitive data handling. The drive_manager.rb script requests the Gmail modify scope which is unnecessary for Drive management and expands the potential impact of a token compromise. The skill stores sensitive OAuth tokens and client secrets in the user home directory (~/.claude/.google/).
Audit Metadata