gdrive-access

SUSPICIOUS. The skill’s stated purpose matches Google Drive access, but its core operation depends on a locally built, insufficiently verifiable `gdrive` CLI that receives credential references and persists OAuth tokens. That combination is broader and riskier than a direct, official API integration, so the main concern is supply-chain trust and credential forwarding rather than confirmed malicious exfiltration.