google-workspace

The skill's stated purpose—unified Google Workspace management across three accounts with cross-account capabilities—is broadly coherent with the described operations and authentication flow. However, there are notable security considerations: sensitive credentials stored in a local, potentially unencrypted path; explicit per-action consent for cross-account data movements is not described; and no explicit secret management or rotation policy is provided. While no malicious external downloads or unverifiable binaries are present, the footprint is high-_privilege and requires strong per-action authorization, explicit user consent prompts for cross-account actions, and explicit secret management. Overall, the risk profile is MEDIUM: benign in intent but with elevated data-access and credential-exposure concerns that warrant tightening scopes, consent prompts, and secret handling.