Google Drive

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Google Drive management helper, but users should be careful because it can read, upload, share, move, and trash Drive files.

Install only if you trust Porteden with the Google Drive account you connect. Before running share, public-access, move, upload, or delete commands, verify the exact file ID, recipient email/domain, role, and account profile; prefer least-privilege Drive scopes and treat public links as potentially exposing sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill advertises listing, reading, sharing, and permission-management capabilities over Google Drive, including public sharing, but the top-level description does not prominently warn about privacy exposure or require explicit confirmation for high-impact actions. In an agent setting, this increases the chance that sensitive files are unintentionally exposed or reshared because dangerous capabilities are normalized up front without corresponding safety framing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal