gdcli
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The gdcli skill explicitly reads and downloads arbitrary user-provided Google Drive content (e.g., the "search "" (fullText)" command and "download "/ls operations), which can include untrusted or public user-generated files that could carry indirect prompt-injection content.
Audit Metadata