Recipe Email Drive Link

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Workspace recipe that shares a Drive file and emails its link, with sensitive but disclosed actions.

Install only if you want an agent to share a specific Google Drive file and email its link. Before running it, verify the active Google account, exact file, recipient address, permission role, subject, and body; revoke the Drive permission if it was created by mistake.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill performs two externally visible side effects: it changes Google Drive permissions and sends an email to a recipient, but it does not clearly warn the user about those actions. This can lead to unintended data exposure or accidental outreach, especially if the file contains sensitive content or the recipient/address is incorrect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal