ez-google

Fail

Audited by Snyk on Feb 18, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's auth flow explicitly asks the user to copy/paste an OAuth token and uses a command template auth.py save '', which requires the agent to receive and embed the token verbatim, exposing secrets in output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly reads and outputs user-generated content from Google services—e.g., scripts/gmail.py (get) reads email bodies, scripts/docs.py (get/extract_text) outputs Doc contents, scripts/drive.py (download) exports file content, scripts/slides.py (text) extracts slide text, scripts/sheets.py (get) prints spreadsheet cells, and scripts/chat.py (messages) lists chat messages—so it consumes untrusted third‑party content that could carry indirect prompt injections.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 18, 2026, 02:48 AM