google-workspace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext secrets (e.g., 'password': 'TemporaryPassword123!' in the Admin SDK user creation and explicit service-account/credentials filenames), which encourages placing secret values verbatim into API requests or generated code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated/untrusted Workspace content (see SKILL.md and scripts/gws-helper.py: docs.documents().get, sheets.values().get, forms.forms().responses().list, gmail.users().messages().get, drive.files().list, etc.) and then uses that content to drive actions (creating/updating docs, sending emails, sharing files, running Apps Script), so third-party content can materially influence agent behavior.