Security audit

Google Drive

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Drive management skill, but it can delete files and change sharing permissions, so users should use those actions deliberately.

Install this only if you want an AgentPMT-connected agent to manage Google Drive through your connected Google account. Confirm file IDs before permanent deletion, prefer trash when recovery matters, avoid `anyone` or domain sharing unless explicitly intended, disable shared-drive inclusion when not needed, and upload only from trusted public URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The schema exposes a permanent delete capability for files and folders, but the skill description emphasizes search, upload, download, organization, copy, and sharing without clearly advertising destructive operations. This mismatch can cause downstream agents or users to invoke deletion without appropriate expectation, review, or safeguards, increasing the risk of accidental or prompt-induced data loss.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill exposes high-risk actions such as permanent deletion, trashing, moving, and broad sharing (including `anyone` permissions) but does not instruct the agent to require explicit user confirmation or warn before executing irreversible or externally sharing operations. In an agent setting, this increases the chance of unintended destructive changes or accidental data exposure from ambiguous prompts or workflow automation.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The delete action says files are permanently deleted and not recoverable, but it lacks an explicit caution or operational warning that this is a high-risk action requiring confirmation. In agentic contexts, terse destructive verbs without strong warnings increase the chance of accidental irreversible deletion from ambiguous prompts or prompt injection.

Missing User Warnings

Medium
Confidence: 87%
Finding:
The sharing action grants access to files or folders, including potentially broad domain or anyone permissions, yet the schema text does not emphasize the confidentiality and integrity risks of changing permissions. In a Drive-management skill, silent or weakly signposted sharing can enable unintended data exposure or unauthorized collaboration if triggered by deceptive prompts.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The upload action allows fetching content from a public URL and storing it in Google Drive, but the description does not warn that external content will be retrieved and persisted. This can enable SSRF-like misuse against permitted fetch infrastructure, ingestion of malicious or sensitive content, or unreviewed transfer of data into Drive when driven by untrusted prompts.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.