gmail-automation

SUSPICIOUS: the core capability set is coherent for a Gmail automation skill, and no obvious malware or off-purpose credential harvesting is shown. However, provenance is weak, the token-refresh description does not match standard Google OAuth docs, and the skill enables high-impact actions like sending mail; treat it as medium risk unless the scripts and exact Google endpoints are independently verified.