pdf-design

SUSPICIOUS: The core PDF design and preview behavior is coherent, but the skill also reads a raw Google OAuth token from a hardcoded local path and can upload files to fixed Google Drive folders. Data flows go to official Google endpoints rather than a third-party proxy, so this is not confirmed malware, but the credential-file access and user-specific upload wiring make the skill higher risk than a normal local document-design tool.