Back to skill

Security audit

Recipe Share Folder With Team

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Google Drive sharing recipe, but users should confirm the folder contents and recipients before running it.

Before using this skill, verify the active Google account, exact folder ID, current folder contents, recipient email addresses, and whether each person needs editor access. Be aware that sharing a folder can expose its current contents and that permissions may remain active until removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The recipe instructs users to share a Google Drive folder with collaborators but does not warn that granting access to the folder exposes all current contents, which can include sensitive documents, spreadsheets, and sub-items. In a productivity automation context, this omission increases the risk of accidental over-sharing because users may treat the action as limited to the folder shell rather than the full contents it reveals.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.