Recipe Create Classroom Course

Security checks across malware telemetry and agentic risk

Overview

This is a simple Google Classroom recipe whose commands match its stated purpose, though running them can create a real course and invite a real student.

Install only if you trust the external gws tool and gws-classroom dependency. Before running the recipe, confirm you are using the intended Google Workspace account and approved course and student details, because the commands can create a real Classroom course and send a real invitation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill performs live, state-changing actions in Google Classroom by creating a course and sending student invitations, but it does not warn the user that these commands will affect a real tenant and contact real recipients. This increases the risk of accidental course creation, unintended invitations, privacy issues, and operational disruption, especially if a user copies the recipe verbatim without realizing it is not a dry run.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal