gdrive-access
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands to manage its lifecycle and security. It uses the 1Password CLI (`op`) to retrieve OAuth secrets from a specified vault, `bun` to install dependencies and compile the TypeScript source code, and `chmod 600` to ensure that locally cached tokens are only readable by the current user.
- [EXTERNAL_DOWNLOADS]: During the setup process, the skill downloads the official `@googleapis/drive` client and related TypeScript types from the npm registry.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface.
  - Ingestion points: File names and metadata are fetched from Google Drive in `scripts/lib/drive.ts`.
  - Boundary markers: The output is provided to the agent without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can execute shell commands and make network requests to Google APIs.
  - Sanitization: There is no filtering or sanitization of file metadata before it is processed by the agent.
Audit Metadata