Does anyone else collect mementos from successful hacks?



Its saved in a folder named “hackety hack hack”


Absolutely not.

You’re performing freelance work for an organisation, it’s your responsibility to appropriately remove this content post-engagement (in this case, report). At minimum, hold it only offline and encrypt.

In this case you’ve synced this to a cloud based resource. Were you compromised, or your Google account compromised, so would all that information be. This isn’t whitehat, it’s very decidedly grey, I’d suggest removing it - or at least renaming your folder.