gws-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to request and write the user's client_secret.json (and suggests using gws auth export which prints decrypted tokens), which requires the LLM to receive and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Flagged because the setup explicitly fetches and installs remote agent code at runtime via npm/npx (e.g., npm install -g @googleworkspace/cli and npx skills add googleworkspace/cli --agent claude-code) which pulls and executes packages from the npm registry (for example https://registry.npmjs.org/@googleworkspace/cli) and installs Claude Code agent skills that directly control agent prompts/behavior.