gws-setup
Fail
Audited by Snyk on Mar 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to paste the client_secret.json (and to export/print decrypted credentials), which requires the LLM to receive and potentially output secret values verbatim, creating an exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs the user at runtime to fetch and execute remote packages (e.g., "npm install -g @googleworkspace/cli" and "npx skills add googleworkspace/cli -g --agent claude-code --all"), which will download and run external code and install agent "skills" that directly control model prompts/instructions, so this is a runtime dependency that affects agent behavior.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata