Skills
skills/wadewarren/gws-claude-plugin/gws-drive/Gen Agent Trust Hub

gws-drive

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the gws binary and executes CLI commands to manage Google Drive resources, which is the primary intended functionality.
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes methods for downloading file content and exporting Google Workspace documents through the Drive API.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and processes data from external, user-controlled sources within Google Drive.
  • Ingestion points: The agent retrieves data such as file contents, metadata, and comments through the files.get, files.list, comments.list, and replies.list methods in SKILL.md.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the provided skill description.
  • Capability inventory: The skill possesses significant capabilities, including the ability to create, update, delete, and modify permissions for Drive resources using the gws CLI.
  • Sanitization: The documentation does not specify any sanitization or validation procedures for the data retrieved from the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 04:56 PM