google-sheets

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The code intentionally routes OAuth token exchange and refresh through an external cloud function (CLOUD_FUNCTION_URL / REFRESH_ENDPOINT), sending refresh tokens to a third-party service and thereby exposing long-lived credentials and full read/write Drive/Sheets access to an external host — a high-risk credential-exfiltration/backdoor pattern; I found no obfuscated exec/eval or reverse-shell code, but the external token handling is a deliberate design that enables third-party access to user data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (scripts/sheets.py and auth flow described in SKILL.md/README) directly fetch and return user-generated Google Sheets and Drive file contents via the Sheets and Drive APIs, so arbitrary spreadsheet content from third-party users can be read and influence the agent's actions.