google-drive
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official tool from the vendor (membranedev) used to manage connections and authentication. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute
membranecommands to authenticate users, establish connections to Google Drive, and run API actions. - [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it processes untrusted data from Google Drive. 1. Ingestion points: File metadata, comments, and shared drive content (SKILL.md). 2. Boundary markers: None present. 3. Capability inventory: Permission management, file creation, and file deletion (SKILL.md). 4. Sanitization: None documented. This risk is inherent to the tool's primary purpose of file management and is considered acceptable.
Audit Metadata