google-drive

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses official Google API libraries (google-api-python-client, google-auth-oauthlib) to interact with Drive. All operations are authenticated through standard OAuth 2.0 flows.
  • [SAFE]: OAuth tokens and configuration are stored in the user's home directory (~/.drive_credentials/), which is the standard and expected behavior for desktop-style API tools. No hardcoded credentials or unauthorized data transmission patterns were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill interacts with external file metadata, which is a potential injection surface, but it is handled appropriately.
      • Ingestion points: File names, descriptions, and metadata are retrieved via the list, search, and get functions in google_drive.py.
      • Boundary markers: Outputs are consistently returned as structured JSON, effectively separating data from the agent's logic.
      • Capability inventory: The skill has the ability to download, delete, and share files.
      • Sanitization: While there is no explicit NLP sanitization, the JSON output structure prevents basic instruction hijacking.
      • Conclusion: The implementation is safe and the risks are inherent to the intended functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 10:03 AM