google-workspace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to accept raw OAuth client ID/secret (or an auth code/redirect URL) and write/run commands that embed those values (e.g., create a desktop OAuth JSON file and call --auth-code), which requires emitting secret values verbatim — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI and implementation (e.g., scripts/google_api.py — functions like gmail_search/gmail_get and docs_get — and the SKILL.md Usage examples) explicitly fetch and return Gmail messages, Drive files and Docs content (untrusted/user-generated third‑party content) which the agent is expected to read and could contain instructions that materially influence subsequent actions.