gmail-multi-inbox

SUSPICIOUS. The skill's purpose and core capabilities are coherent, and its Google Apps Script/Gmail API usage aligns with documented Google functionality. The main risk is data-flow and trust: inbox scanning depends on an unspecified third-party Gmail MCP connector with no verifiable provenance, so potentially sensitive email data may transit an unvetted intermediary. This is not confirmed malware, but it is a medium-risk skill because a sensitive mailbox integration is routed through an unverified connector.