google-workspace

[Skill Scanner] [Documentation context] Installation of third-party script detected The skill's stated purpose and requested capabilities are consistent with a Google Workspace helper. However, there are notable supply-chain and data-flow risks: (1) defaulting to a cloud-hosted auth flow (GOOGLE_WORKSPACE_CLOUD_FUNCTION_URL) can cause OAuth codes/tokens to be routed through a third-party endpoint, which is disproportionate and risky unless the endpoint is fully trusted and audited; (2) auto-installing npm dependencies at first run without pinned versions is a supply-chain exposure; (3) environment overrides that let an attacker change endpoints or token locations increase the attack surface. No explicit malicious code is present in the provided manifest, but absent the actual script source I cannot rule out credential-forwarding behavior. Recommend treating this skill as suspicious: prefer local OAuth mode with local credentials.json, pin dependencies, and audit the auth.js/common.js implementations to verify tokens are exchanged only with Google endpoints and never posted to untrusted third-party URLs. LLM verification: [LLM Escalated] The skill's stated purpose (local helper scripts for Google Workspace OAuth and API calls) aligns with the documented capabilities. However, two supply-chain/credential-forwarding patterns increase risk: defaulting to a cloud-hosted OAuth broker (GOOGLE_WORKSPACE_CLOUD_FUNCTION_URL) can route tokens through a third-party host, and the auto-install-on-first-run (npm install) pattern fetches dependencies without documented pinning or integrity checks. No explicit malicious code is evident in the d