Google Workspace

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Google Workspace management skill, but it can let an agent make broad authenticated admin changes without clear confirmation safeguards.

Install only if you intend to let Membrane mediate Google Workspace access. Use a least-privileged Workspace account, review OAuth scopes during connection, require explicit confirmation before any create/update/delete or non-GET proxy request, verify the tenant and target IDs, and revoke the connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 88% confidence
Finding:
The skill documents destructive administrative actions such as deleting users, groups, and organizational units without any guardrails, confirmation requirements, or warnings about irreversible effects. In an agent setting, this increases the likelihood of accidental or overly broad destructive operations against a live Google Workspace tenant.

Missing User Warnings

Medium, 94% confidence
Finding:
The proxy request feature allows arbitrary authenticated requests to Google Workspace APIs, including write and delete methods, but the documentation does not warn about the elevated risk or impose any constraints. This materially expands the attack surface because an agent can bypass curated actions and perform powerful administrative operations directly through the proxy.

VirusTotal

65/65 vendors flagged this skill as clean.
