google-sheets-skill

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The script sheets_skill.py accesses sensitive Google OAuth credential files (credentials.json) and session tokens stored in the tokens/ directory. It is designed to proactively search for these credentials in the ~/.claude/skills/gmail-skill/ directory, which involves cross-skill data access to facilitate shared authentication across the author's tools.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it processes data from external spreadsheets that could contain malicious instructions.
      • Ingestion points: Data from Google Sheets is ingested via the read and get commands in sheets_skill.py.
      • Boundary markers: The script does not use explicit delimiters or instructions to treat the ingested sheet data as untrusted or to ignore any commands embedded within cells.
      • Capability inventory: The skill provides full write, append, clear, and management (create/delete) capabilities for Google Sheets and Google Drive via the sheets and drive services.
      • Sanitization: Output is JSON-serialized, which ensures data structure but does not sanitize or filter the content of the cells for potential prompt injection patterns.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute the sheets_skill.py script. It uses argparse to handle command-line arguments, which mitigates simple shell injection but requires the agent to provide sanitized inputs for spreadsheet IDs and values.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 03:20 PM