After learning about Google Script with some friends, we wanted to see if we could find bugs/features in it.
We figured out that any user could send 999 Google Drive files per day, and each of them would send an email to the target saying that a file was shared with them.
After we tried changing the owner of the file to be the target, and one friend tried the script on me. I noticed that my Google Drive started filling up without me doing anything. This should not be possible.
All of this could be done automatically by a Google Script:
This would fill up the target's Google Drive without them doing anything, while not affecting you.
This being my first report, it was not well written.
After the report was submitted, I received a response saying that the report will be looked into.
Thanks for reporting this issue. We appreciate you taking the time to help us improve security.
We've taken a look and can confirm that this is a duplicate of an existing bug that we're already tracking. Unfortunately, this excludes the report from our reward program -- duplicate submissions don't qualify for reward or credit.
Best of luck in your future bug hunting."