gdrive-access

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The Google Drive folder link is potentially suspicious because personal file-hosting links can contain arbitrary or malicious executables and lack provenance, whereas the developers.google.com URL is an official Google documentation page and is low risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow and code (SKILL.md, scripts/cli.ts, and scripts/lib/drive.ts) explicitly list, export, download, and sync files from Google Drive—ingesting arbitrary user-generated Drive content (exported Google Docs, PDFs, etc.) which the agent would read or act on and could therefore carry embedded instructions that influence subsequent tool use.