google-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: Potential query injection in `scripts/gw.py`. The `drive_customer` command interpolates user-provided input from the `--name` argument directly into a Google Drive API query string without sanitization.
  - Ingestion points: `args.name` in `scripts/gw.py`.
  - Boundary markers: None; input is not validated or escaped.
  - Capability inventory: Searching and listing Google Drive files.
  - Sanitization: Absent; single quotes in input can manipulate query logic.
- [CREDENTIALS_UNSAFE]: The skill accesses a sensitive service account JSON file specified by the `GOOGLE_SERVICE_ACCOUNT_FILE` environment variable and uses domain-wide delegation to impersonate Workspace users. While required for the skill's primary functionality, this access pattern involves handling high-privilege authentication credentials that should be carefully managed.
Audit Metadata