searching-documents-with-google-drive
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Persistence mechanism via cron job modification. The
sync_standups.shscript provides functionality to install a cron job using the--install-cronflag, which modifies the system's crontab to schedule daily execution of the sync script. - [COMMAND_EXECUTION]: Risk of Python code injection. The scripts
download_gdrive.sh,search_gdrive.sh, andsync_standups.shinterpolate shell variables directly into Python code blocks executed viapython3. If parameters such as search patterns or include patterns are influenced by malicious external input, it could lead to arbitrary Python code execution on the host system. - [EXTERNAL_DOWNLOADS]: External tool dependencies and data ingestion. The skill requires the installation of
rcloneand communicates with Google Drive, a well-known service, to fetch and download documents to the local environment. - [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill is designed to ingest documents from external sources that are then made available to the agent, creating a path for adversarial instructions to influence behavior.
- Ingestion points: Documents are downloaded from Google Drive into the local filesystem via
download_gdrive.shandsync_standups.sh. - Boundary markers: No boundary markers or 'ignore' instructions are implemented to isolate the content of downloaded files from the agent's instructions.
- Capability inventory: The skill possesses capabilities for filesystem access, execution of system commands (rclone), and modification of scheduled tasks (cron).
- Sanitization: The skill does not perform sanitization or validation on the content of the files retrieved from Google Drive before they are processed.
Audit Metadata