google-workspace-integrator

The manifest defines a high-privilege Google Workspace connector with operations that can access and transmit sensitive user data (emails, calendar events) and manage OAuth tokens. Because the actual implementation (dist/index.js) is not provided and key deployment details are missing (OAuth scopes, token storage, telemetry endpoints, safeguards for send-email), the component should be treated as medium-risk. Prior to adoption, obtain and audit the referenced implementation, confirm minimal required OAuth scopes, ensure secure token storage (prefer OS keychain or encrypted store), validate that no third-party proxies or telemetry receive tokens or content, and require explicit user confirmation for sending emails. If the implementation cannot be audited (closed or minified without source), consider this package risky and avoid use in sensitive environments.