Google Sheets

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Sheets connector skill that can read and modify spreadsheets, with global safety instructions to confirm write and destructive actions.

Install only if you are comfortable letting the agent use your connected OOMOL/Google Sheets account to read and change spreadsheets. Confirm the exact spreadsheet, range, and payload before append/update/create actions, and require explicit approval before clear or delete actions. Treat the one-time CLI install and OAuth connection steps as account setup, not routine action execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This documentation exposes a write-capable append action and encourages its use for any Google Sheets request, but it does not warn that the operation modifies remote spreadsheet data or recommend confirmation before execution. In an agent setting, that omission increases the chance of unintended or unauthorized data modification because an automated system may treat the action as routine and perform destructive or privacy-impacting writes without explicit user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal