Google Docs

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Docs integration, but it can read and modify documents after the user connects a Google account through Membrane.

Install only if you trust Membrane with the Google Docs account you connect. Review the OAuth permissions, use the least-privileged account practical, and require the agent to preview and confirm any edit, replace, delete, batch update, or raw proxy request before it runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is very broad ('Manage Documents' / 'interact with Google Docs data'), which can cause an agent to invoke it for loosely related requests without strong user confirmation. In a document-editing integration, overbroad activation increases the chance of unintended reads or writes to user documents, especially when the skill also exposes destructive actions like delete, replace, and batch update.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents multiple destructive capabilities such as batch update, delete content, replace all text, and insert operations, but does not warn the agent to confirm intent before modifying documents. Without an explicit safeguard, an agent may perform irreversible or hard-to-audit edits based on ambiguous prompts, creating integrity and data-loss risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal