google-drive
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform privileged operations silently without seeking user consent. Specifically,
SKILL.mddirects the agent to "Check and install silently -- don't ask the user for permission to install these" when runningsudo apt install -y rcloneor executing remote installation scripts. This bypasses standard security oversight and user review of system modifications. - [EXTERNAL_DOWNLOADS]: The skill downloads and executes installation scripts from external domains, including
https://rclone.org/install.shandhttps://astral.sh/uv/install.sh. While these originate from well-known technology service providers, the instructions to execute them without user intervention increases the risk of unauthorized system changes. - [COMMAND_EXECUTION]: The Python implementation in
src/gdrive/rclone.pyusessubprocess.runto executerclonecommands. While the commands are constructed as lists to mitigate shell injection, the skill's orchestrator handles sensitive operations like file deletion and permission management based on user-supplied paths and remote names. - [DATA_EXFILTRATION]: The skill's primary purpose is the transfer of data to and from Google Drive. It manages OAuth tokens and performs authenticated requests to Google's APIs (
googleapis.com) to manage files and sharing permissions. The storage of these tokens in local configuration files (~/.config/rclone/rclone.conf) is a standard requirement for the tool's operation but represents a high-value target for credential theft.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata