Skills
skills/kcchien/skills/gws-drive/Gen Agent Trust Hub

gws-drive

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gws command-line tool to perform operations on Google Drive resources.
  • [EXTERNAL_DOWNLOADS]: References official Google Workspace documentation for API methods and usage guidelines.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from Google Drive (files, comments, and metadata).
  • Ingestion points: Methods like files.get, files.list, and comments.list in SKILL.md bring external data into the agent's context.
  • Boundary markers: The instructions do not specify any delimiters or safety prompts to isolate untrusted content from the agent's instructions.
  • Capability inventory: The skill has extensive capabilities including creating, updating, and deleting files, as well as managing sharing permissions.
  • Sanitization: No evidence of sanitization or content validation for data retrieved from Google Drive.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:09 PM