Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from an external source (Google Drive).
- Ingestion points: File names, descriptions, and user names are retrieved from the Google Drive API (googleapis.com) and mapped into the agent's context via the `list` and `get` actions in `skill-router.json`.
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore or isolate content within retrieved metadata, such as file names.
- Capability inventory: The skill includes the ability to share files with external email addresses (`share` action) and create folders, providing potential targets for an injection attack.
- Sanitization: The JSON router mapping does not include logic for sanitizing or escaping the external strings returned by the Google Drive API.
Audit Metadata