google-workspace

SUSPICIOUS. The core purpose is coherent and the visible data flow appears to target official Google APIs, so this is not strongly indicative of malware. However, the skill combines broad OAuth-backed Workspace access, arbitrary JS execution, and undocumented first-run dependency installation, creating medium security risk and limited install-trust transparency.