Google Workspace Ops

Security checks across malware telemetry and agentic risk

Overview

This is a transparent, instruction-only Google Workspace helper, but users should keep permissions narrow and confirm any live document edits.

Install only if you want an agent to work with Google Workspace files. Use a least-privilege Google credential limited to the needed folders and APIs, test on low-risk files first, and require the agent to identify the target file and planned changes before editing, archiving, merging, or restructuring shared documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are generic enough to match ordinary document-editing requests, which can cause the skill to activate in situations where the user did not intend broad Google Workspace operations. Because this skill is designed to find and modify shared Docs, Sheets, Slides, and Drive assets, over-broad activation increases the chance of unintended access, search, or in-place edits to real collaborative data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly supports finding and updating shared Google Workspace files in place, but it does not warn users that actions may affect live, shared documents. In this context, missing safety language is dangerous because users may treat the skill as a low-risk helper while it can restructure spreadsheets, edit docs, alter slides, and clean Drive content that collaborators depend on.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal