google-drive-skill

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication material on the local filesystem. It reads and writes OAuth client secrets and user tokens in the ~/.claude/skills/ directory.
  • The implementation includes logic to search for and reuse credentials from sibling skill directories, specifically gmail-skill, google-docs-skill, google-sheets-skill, and google-slides-skill.
  • [DATA_EXFILTRATION]: The skill possesses capabilities to move data to an external service (Google Drive) as part of its primary functionality.
  • The upload and upload-tree commands can transmit local files and directory structures to the cloud.
  • The share command allows users to programmatically grant access to Drive content to external email addresses with roles like 'reader', 'writer', or 'commenter'.
  • [COMMAND_EXECUTION]: The skill is configured to execute Python-based tools via Bash to perform its operations. This includes local file system interactions (reading files for upload, writing downloaded files) and network operations (communicating with Google Drive APIs).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:05 PM
Security Audit — agent-trust-hub — google-drive-skill