gcp-workspace-pivot
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill provides numerous Python and Bash commands specifically designed to search for and extract sensitive data such as passwords, credentials, and attachments from Gmail, Google Drive, and Google Chat using impersonated OAuth tokens.
- [COMMAND_EXECUTION]: Includes Python scripts that automate Domain-Wide Delegation (DWD) abuse, enabling a Service Account to generate access tokens and impersonate any user in the organization, including Super Admins, without user interaction.
- [CREDENTIALS_UNSAFE]: Describes techniques to hijack local gcloud credentials and instructions for modifying the Google Cloud SDK source code (config.py) to inject unauthorized OAuth scopes, ensuring future tokens carry elevated permissions.
- [EXTERNAL_DOWNLOADS]: Recommends downloading and using several third-party exploitation tools from GitHub, including 'DeleFriend', 'DelePwn', and 'PaperChaser', for automating attacks against Workspace infrastructure.
Recommendations
- AI detected serious security threats