google-drive

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs users to provide the OAuth client_secret directly (e.g., via --client-secret on the CLI and in a config file), which requires embedding secret values verbatim in commands or files and therefore exposes them (high-risk pattern).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly accesses and ingests user-generated, potentially untrusted content from Google Drive via the Drive API (see files list/search/get/download commands and the fullText search in scripts/google-drive.py and references/drive-queries.md), so the agent will read third-party file contents as part of its workflow.