google-docs

Fail

Audited by Snyk on Feb 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The code intentionally routes OAuth authorization/code exchange and refresh operations through a third-party cloud function (https://google-workspace-extension.geminicli.com), sending refresh tokens and authorization data off-device. This enables unauthorized remote access and exfiltration of users' Google Docs credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated Google Docs content via the Google Docs and Drive APIs (see scripts/docs.py get_text / find_docs and the SKILL.md/README get-text and find commands), so arbitrary third‑party document text can be read and could influence the agent's decisions and tool use, enabling indirect prompt injection.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 05:21 PM