gdrive-access

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The developers.google.com page is official documentation and low-risk, but the drive.google.com folder is user-controlled personal file hosting (can contain arbitrary executables or installers) which is a common high-risk vector for malware distribution, so the combined set should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and downloads arbitrary user-generated files from Google Drive via the Drive API (see SKILL.md "Drive Commands" and scripts/lib/drive.ts functions like downloadFile and syncFolder), so the agent will ingest third-party content stored on Drive that could contain instructions influencing subsequent actions.