gdrive-access
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the 1Password CLI (op) to securely retrieve OAuth credentials at runtime, effectively avoiding the risks associated with hardcoding secrets.
- [SAFE]: It implements the principle of least privilege by only requesting the drive.readonly scope for Google Drive access.
- [SAFE]: Local OAuth tokens are stored in a dedicated directory (~/.claude/tools/gdrive-tokens/) with restrictive file permissions (chmod 600) to ensure they are only accessible by the current user.
- [COMMAND_EXECUTION]: The skill performs local command executions to manage its environment, including using op for authentication, bun for compiling its custom CLI tool, and chmod for enforcing file security.
- [EXTERNAL_DOWNLOADS]: Dependencies are fetched from the official npm registry (@googleapis/drive), and the tool communicates exclusively with official Google API domains (googleapis.com).
- [PROMPT_INJECTION]: The skill serves as an ingestion point for untrusted data from Google Drive, which represents a potential indirect prompt injection surface if the agent processes the file content without isolation.
- Ingestion points: scripts/lib/drive.ts (via downloadFile and syncFolder functions).
- Boundary markers: None explicitly implemented in the skill instructions to separate downloaded content from agent instructions.
- Capability inventory: The skill has access to Bash, Write, and Read tools.
- Sanitization: No content-level validation or sanitization is performed on the downloaded Drive files.
Audit Metadata