gws-drive
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the
gwsbinary to interact with the Google Drive API, enabling tasks such as file creation, deletion, and permission management.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. - Ingestion points: Untrusted data is retrieved from Google Drive through methods such as
files.get(metadata and content),comments.list, andreplies.list. - Boundary markers: The skill does not define explicit boundary markers or provide instructions to the agent to ignore potentially malicious content within the retrieved data.
- Capability inventory: The skill possesses powerful capabilities, including the ability to delete files (
files.delete), modify access permissions (permissions.update), and download file content (files.download). - Sanitization: No sanitization or content validation is performed on the data fetched from the API before it is processed by the agent.
Audit Metadata