pdf-design

SUSPICIOUS: The core PDF design/generation features are coherent with the stated purpose, and the external upload target is official Google Drive rather than a credential-harvesting proxy. However, the skill reads a raw local OAuth token file, uses hardcoded user-specific paths/folder IDs, and references an unverifiable local helper script, making the credential handling and execution trust broader than necessary for a simple PDF design workflow.