Recipe Share Doc And Notify

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Google Workspace recipe that openly shares a Google Doc with editor access and emails the collaborator, so the risk is expected but should be handled carefully.

Before using it, confirm the Google account, document ID, recipient email, and that editor access is really intended; use viewer or commenter access instead when edit access is not necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill performs two externally visible actions with security and privacy implications: it grants edit access to a Google Doc and sends an email to a collaborator, but it does not warn the user about either action. In a recipe skill, this omission can lead to unintended sharing, over-permissive access, and accidental disclosure if the document or recipient is incorrect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal