publish-to-google-docs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The upload script defaults to 'anyone:writer' permissions, making documents publicly accessible and editable by anyone with the link.
- [COMMAND_EXECUTION] (MEDIUM): The skill prompts the agent to run installation commands for Pandoc using various package managers, which run with the agent's system privileges.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references downloading Pandoc from GitHub; while GitHub is a trusted source per [TRUST-SCOPE-RULE], runtime binary acquisition remains a risk factor.
- [CREDENTIALS_UNSAFE] (MEDIUM): Google OAuth credentials are required as environment variables, making them accessible to any other process in the agent's environment.
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection via untrusted markdown input, which could be used to exfiltrate sensitive local files by abusing the skill's file-read and public upload capabilities.
Recommendations
- AI detected serious security threats
Audit Metadata