This document discusses the security risks of Google Cloud Shell. Cloud Shell provides a free Linux container with 5GB of storage and tools that can be accessed through a web browser. It is invisible to most security controls and logging within an organization. The document outlines how an attacker could use Cloud Shell to exfiltrate data by uploading files through the web interface or command line to external sites without leaving any traces in standard cloud logs. It recommends limiting access to Cloud Shell and monitoring its usage through a proxy or by inspecting traffic to port 6000 to detect any malicious activity.