google-docs

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The code intentionally routes OAuth handling and refresh operations through a third‑party cloud function (google-workspace-extension.geminicli.com), including POSTing refresh tokens to that endpoint, which constitutes explicit credential exfiltration risk and a potential backdoor for account takeover; no other obfuscated backdoor or remote‑exec patterns were found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads user-generated Google Docs via the Google Docs API (see scripts/docs.py get_text calling https://docs.googleapis.com/v1/documents/... and the SKILL.md/README "get-text" command), and that untrusted document content can be interpreted and used to drive edits/actions (append/replace), enabling indirect prompt-injection.