gdcli
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill requires installing "@mariozechner/gdcli" from npm, which is an untrusted source. This presents a supply chain risk as the package is not from a verified organization.
- Indirect Prompt Injection (HIGH): The skill has a high-risk surface for indirect prompt injection because it reads untrusted content and has significant capabilities.
  * Ingestion points: Untrusted data enters the agent context through file metadata (filenames) via "gdcli ls" and file content via "gdcli search" (SKILL.md).
  * Boundary markers: Absent. There are no instructions for the agent to treat Drive data as untrusted or to use delimiters.
  * Capability inventory: The tool includes "upload", "download" (local file write), and "share --anyone" (public permission modification) as shown in SKILL.md.
  * Sanitization: Absent. No sanitization or validation of the external content is performed.
- Data Exposure (MEDIUM): The skill accesses and stores sensitive files including "/.gdcli/credentials.json" and "/.gdcli/accounts.json" (SKILL.md). Accessing these paths while using an untrusted external package is a security concern.
Recommendations
- AI detected serious security threats