google-slides

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The OAuth flow intentionally routes authorization and refresh operations through an external third‑party cloud function (https://google-workspace-extension.geminicli.com), meaning authorization codes and refresh tokens can be received/processed by that service (allowing credential capture/long‑term access to the user's Google Drive/Slides), and the code also requests write scopes despite README claiming read‑only; no other obfuscated backdoors or remote‑exec code were found.