google-drive
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- Metadata Poisoning (MEDIUM): The README.md file erroneously claims 'Read-only access', while the SKILL.md file and command reference specify 'Full read/write access' including destructive actions like 'trash', 'rename', and 'move'. This discrepancy is deceptive regarding the skill's actual capabilities and permission scope.\n- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes attacker-controllable data.\n
- Ingestion points: File names and folder metadata retrieved via search and list operations.\n
- Boundary markers: None provided in instructions or script documentation.\n
- Capability inventory: Local file system access (download) and Google Drive modification (rename, move, trash).\n
- Sanitization: No evidence of sanitization for retrieved metadata prior to command execution or output generation.\n- Data Exposure & Exfiltration (LOW): The documentation refers to a 'Google cloud function' used for token refreshing, which represents an unverified network dependency and a potential data exposure risk if the endpoint is not controlled by a trusted entity.
Audit Metadata