google-docs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that place OAuth client_id/client_secret directly in a config file and as CLI flags (auth setup --client-secret ...), which encourages the agent to accept and emit secret values verbatim into files/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests user-authored Google Docs content (see SKILL.md commands "documents read"/"documents get" and scripts/google-docs.py functions read_document_content, export_document_as_markdown, and insert_after_anchor) so untrusted third-party document text could be read and used to determine edits or subsequent actions.