
gdrive-mcp-server — agentic threat model

AIVSS 8.9 · High

This agent acts as a direct bridge between LLMs and a user's Google Drive via the Model Context Protocol, presenting a high-risk profile due to full read/write/delete capabilities that can be abused via prompt injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.6
AARS uplift: 0.72
Factor sum: 4.7/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×0.95

Agentic risk factors:
Autonomy of Action: 0.70
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
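To make the score breakdown reproducible, here is an added example (not code from the listing or from the gdrive-mcp-server project) that recomputes AARS and the final AIVSS score from the formula and the factor values shown above; the severity bands are an assumption (CVSS-style), chosen because they agree with the listing's "8.9 · High" label.

```python
"""Recompute the gdrive-mcp-server AIVSS score from the listing's inputs.

Added example, not the listing's own code. Constants are the values shown
in the score breakdown; the formula is the one quoted on the page.
"""

CVSS_BASE = 8.6           # CVSS base score from the listing
THREAT_MULTIPLIER = 1.1   # ThM ("Threat ×1.1")
MITIGATION_FACTOR = 0.95  # Mitigation_Factor ("Mitigation ×0.95")

# The ten agentic risk factors with the values the listing assigns them.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.70,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def factor_sum(factors):
    """Factor_Sum: plain sum of the ten agentic factors (range 0..10)."""
    return sum(factors.values())


def aars(cvss_base, fsum, thm):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The uplift scales the remaining headroom above the base score, so a
    high base score leaves little room for agentic factors to add to it.
    """
    return (10.0 - cvss_base) * (fsum / 10.0) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to 1 decimal."""
    uplift = aars(cvss_base, factor_sum(factors), thm)
    return round((cvss_base + uplift) * mitigation, 1)


def severity(score):
    """Assumed CVSS-style bands (not stated on the listing)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "None"


if __name__ == "__main__":
    s = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"AIVSS {s} · {severity(s)}")  # AIVSS 8.9 · High
```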

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The server itself does not bundle a specific foundation model, but it exposes Google Drive tools to external LLMs which are highly vulnerable to indirect prompt injection via malicious files stored in the user's Drive.

L2 · Data Operations (✓ mapped)

The agent directly reads, searches, and writes to Google Drive. This creates a massive data exfiltration and data poisoning surface, as malicious documents can inject instructions or steal sensitive user data when parsed.

L3 · Agent Frameworks (✓ mapped)

Implements the Model Context Protocol (MCP) to expose file system tools (list, search, read, create, update, delete). Insecure tool integration or lack of strict schema validation could allow arbitrary file manipulation or path traversal.

L4 · Deployment & Infrastructure (✓ mapped)

The server stores a cookie encryption key and handles Google OAuth tokens. Compromise of the hosting environment or local storage would expose these secrets, leading to complete unauthorized access to the user's Google Drive.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, audit trails, or guardrails to monitor and block anomalous file operations (such as bulk deletions or mass exfiltration attempts).

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Uses Google OAuth for authentication, which is a strong standard, but once authorized, it requests full read/write scopes without granular, file-level authorization policies or human-in-the-loop confirmations.

L7 · Agent Ecosystem (✓ mapped)

Designed to plug into MCP-compatible assistants. This introduces multi-agent cascading risks where a compromised orchestrator or secondary agent can abuse this server to silently wipe or exfiltrate the user's entire Drive.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).