cpa-antigravity-rt-extract

SUSPICIOUS. The skill is internally consistent, but its stated purpose is to extract and aggregate Google refresh tokens from local files, which are sensitive credentials. Even without a documented exfiltration path or supply-chain issue, the capability is credential-focused and high risk for misuse.