gsheets

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill’s stated purpose (Google Sheets integration) matches its capabilities at a high level, but there are security concerns in the distribution/authorization design. The two main red flags are: (1) default use of "embedded OAuth credentials" (publisher-controlled) instead of forcing user-supplied credentials, and (2) the documentation claim that the OAuth flow "grants access to all Google services," which is broader than required for Sheets and indicates excessive privileges. These patterns are common in supply-chain credential-harvesting attacks if the implementation proxies requests or the publisher collects tokens. However, the provided fragment contains only documentation and no executable code that demonstrably exfiltrates data or performs malicious actions.

Recommendation: treat this skill as SUSPICIOUS until the actual scripts are inspected. Verify the exact OAuth scopes requested and inspect the scripts to confirm that API calls go directly to Google endpoints and that tokens are not sent to third-party domains. If you must use it, supply your own credentials in `~/.config/google-skill/credentials.json` and audit the scripts.

LLM verification: The skill's documentation and commands are consistent with a Google Sheets integration, but there are notable supply-chain and privilege risks: it defaults to using embedded OAuth credentials (unspecified), the auth flow is described as granting access to “all Google services” (excessive scope), and the actual implementation scripts are not provided for review so network endpoints and exact scopes are unknown. Because of these inconsistencies and the missing implementation, treat this skill as S

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Feb 16, 2026, 11:05 AM
Package URL: pkg:socket/skills-sh/the-focus-ai%2Fgoogle-skill%2Fgsheets%2F@a1ba35883d23d8b96ebc13166a18c83c4e0c0af4