google-drive-automation

SUSPICIOUS. The skill's Drive operations broadly match its stated purpose, but two documentation inconsistencies materially weaken trust: the claim that token refresh uses 'Google's cloud function' instead of Google's standard OAuth token endpoint, and the unsupported assertion that personal Gmail accounts cannot be used. Because it grants full Drive read/write and processes OAuth tokens through custom local scripts whose endpoints are not shown, the data-flow and credential-handling risk is medium-high even without evidence of confirmed malware.