odyssey4me/google-docs
Create and modify Google Docs documents. Read content, insert tables, apply heading styles, and manage formatting. Use when asked to edit a gdoc, write a Google document, update a doc, or format document content.
89
89%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.80). The prompt includes examples that place OAuth client_id/client_secret directly in a config file and as CLI flags (auth setup --client-secret ...), which encourages the agent to accept and emit secret values verbatim into files/commands, creating an exfiltration risk.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). This skill directly reads and parses Google Docs content via the Documents API (see SKILL.md "documents read" and scripts/google-docs.py functions like read_document_content, export_document_as_markdown, get_document, and insert_after_anchor), which can be arbitrary user-generated/untrusted third-party content and could influence subsequent tool use or actions.
- Audited
- Security analysis