Google Drive Delete File

Security checks across malware telemetry and agentic risk

Overview

This skill openly does one narrow thing: it lets an agent move a specified Google Drive file to trash with the existing gog CLI, but users should require explicit confirmation before use.

Install only if you want agents to be able to trash Google Drive files through your authenticated gog CLI. Use it only on explicit deletion requests, verify the target file ID or file metadata first, and avoid autonomous use where accidental Drive deletion would be costly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly instructs the agent to execute a Google Drive delete operation but provides no warning, confirmation step, or validation guidance before performing an irreversible or hard-to-recover destructive action. In an agentic context, this increases the likelihood of accidental deletion, misuse from ambiguous prompts, or unsafe automation against the wrong file ID.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal