google-sheets

Warn

Audited by Socket on Feb 19, 2026

1 alert found:

Security: MEDIUM
scripts/auth.py

This module manages OAuth tokens locally but transmits refresh tokens to an external cloud service (https://google-workspace-extension.geminicli.com) via refresh_access_token. The redirect_uri used in the auth URL points to that same external domain rather than localhost, creating a flow where a third party participates in token exchange. These behaviors amount to exfiltration of sensitive credentials to an external service and are a significant supply-chain/privacy risk. If you do not explicitly trust the owner/operator of the cloud function, do not use this package. From the code provided: do not consider it safe by default; treat it as potentially malicious or at least high-risk for credential exposure.

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Feb 19, 2026, 08:49 AM
Package URL: pkg:socket/skills-sh/sanjay3290%2Fai-skills%2Fgoogle-sheets%2F@bea4337f32c53657d198c4c33fb3f534e5812b32