google-drive
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts (list.sh, upload.sh, download.sh, delete.sh) that use standard system utilities to perform cryptographic signing, JSON parsing, and network operations.- [EXTERNAL_DOWNLOADS]: The skill communicates with the well-known googleapis.com domain to download and upload file content. These network operations are consistent with the skill's intended purpose and target a trusted organization.- [PROMPT_INJECTION]: The skill processes untrusted file metadata from external Google Drive storage, creating an attack surface for indirect prompt injection.
- Ingestion points: File names and IDs are retrieved from the Google Drive API in list.sh and upload.sh.
- Boundary markers: The script outputs do not utilize explicit delimiters to separate retrieved metadata from instructions.
- Capability inventory: The skill has permissions to read, write, and delete files on Google Drive and perform network operations.
- Sanitization: The scripts use jq to parse structural JSON from the API, which provides validation of the response structure but does not sanitize the content of file names or metadata.
Audit Metadata