gdrive-access

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves sensitive OAuth client credentials (client ID and secret) from a 1Password vault using the op command-line tool. Although this is a managed authentication flow, it involves the agent handling high-privilege secrets that are subsequently stored as tokens in ~/.claude/tools/gdrive-tokens/ with restrictive permissions.
  • [EXTERNAL_DOWNLOADS]: The build and setup instructions in SKILL.md require running bun install, which downloads the @googleapis/drive library and various development tools from the npm registry.
  • [COMMAND_EXECUTION]: The skill performs several automated shell operations, including compiling its own source code into a binary using bun build, interacting with the 1Password CLI to fetch secrets, and spawning a local HTTP server (Bun.serve) to receive OAuth authorization codes. It also executes its own built binary for all Google Drive operations.
  • [PROMPT_INJECTION]: The SKILL.md file contains a 'Self-Evolving Skill' directive that instructs the AI agent to modify its own instructions based on its operational experiences. This creates a surface for indirect prompt injection attacks.
      • Ingestion points: Data and metadata read from external Google Drive files via the gdrive list and search commands.
      • Boundary markers: None; external content is processed directly by the agent.
      • Capability inventory: The agent has permissions to write to its own SKILL.md and execute arbitrary shell commands.
      • Sanitization: No sanitization is performed on file content before it is interpreted by the agent, potentially allowing malicious files to trigger permanent changes to the skill's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 07:16 PM