gdrive-access
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill programmatically lists, downloads, and syncs files from Google Drive via the Drive API (see scripts/cli.ts, scripts/lib/drive.ts, and the "Drive Commands" section in SKILL.md). This ingests user-generated, untrusted Drive content and metadata, which the agent reads and uses to decide export formats, output paths, and recursive sync actions, exposing the agent to third-party content that could carry indirect prompt-like instructions.