Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill instructs users to configure OAuth credentials and authorize broad Google Workspace scopes without warning that the client secret file and granted tokens can expose highly sensitive Gmail, Drive, Calendar, Contacts, Sheets, and Docs data. In an agent context, users may follow setup steps without understanding the security implications, increasing the risk of overbroad access and mishandling of credential material.
