Gws Apps Script Push
Security checks across malware telemetry and agentic risk
Overview
This skill documents a Google Apps Script upload command that can overwrite a chosen script project, but that behavior is clearly disclosed and aligned with its purpose.
Before using this skill, make sure the gws CLI is from a trusted source and authenticated to the intended Google account. Confirm the script project ID and source directory before running it because the push command replaces all files in the target Apps Script project.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.