google-drive-skill
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication material on the local filesystem. It reads and writes OAuth client secrets and user tokens in the
~/.claude/skills/directory. - The implementation includes logic to search for and reuse credentials from sibling skill directories, specifically
gmail-skill,google-docs-skill,google-sheets-skill, andgoogle-slides-skill. - [DATA_EXFILTRATION]: The skill possesses capabilities to move data to an external service (Google Drive) as part of its primary functionality.
- The
uploadandupload-treecommands can transmit local files and directory structures to the cloud. - The
sharecommand allows users to programmatically grant access to Drive content to external email addresses with roles like 'reader', 'writer', or 'commenter'. - [COMMAND_EXECUTION]: The skill is configured to execute Python-based tools via
Bashto perform its operations. This includes local file system interactions (reading files for upload, writing downloaded files) and network operations (communicating with Google Drive APIs).
Audit Metadata