google-drive

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are Google Drive links — a legitimate domain but a personal file-hosting service commonly abused to distribute malicious executables, so downloads from these URLs are potentially suspicious unless the file and publisher are verified.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The code intentionally routes OAuth token exchange and refresh through an external cloud function (google-workspace-extension.geminicli.com), causing users' access/refresh tokens to be transmitted to a third-party service and creating a high risk of credential capture and data exfiltration.