gws-install

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their client_secret.json or client ID/secret and instructs the agent to write or embed those values (or produce export commands), which requires the LLM to receive and output secrets verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs network-installed code that will be loaded as agent skills—e.g., "npm install -g @googleworkspace/cli" and "npx skills add googleworkspace/cli -g --agent claude-code --all" fetch and install remote package(s) (package reference: googleworkspace/cli) at runtime which will place code into ~/.claude/skills/ and thus directly control agent prompts/behavior.