searching-documents-with-google-drive

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These are Google Docs/Drive URLs on legitimate domains but represent personal cloud hosting that can serve arbitrary files (including executables/archives) and are commonly abused to distribute malware, so downloads from unknown owners or unscanned files are high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's scripts (download_gdrive.sh, search_gdrive.sh, sync_standups.sh) explicitly fetch files from Google Drive—including "Shared with me" via rclone's --drive-shared-with-me—and export Google Docs as Markdown for "reading and processing" (SKILL.md), so untrusted user-generated third‑party content is ingested and can influence downstream actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 11:22 PM