Gog Jasmine Yottol

The skill bundle includes a hardcoded Google OAuth client_secret within the 'credentials.json' file, which is a significant security risk and credential leak. While the 'gog' CLI tool (installed via a third-party brew tap) is a legitimate utility for managing Google Workspace, the inclusion of static credentials and the broad access it grants to sensitive data (Gmail, Drive, Contacts) via an AI agent warrants caution. There is no explicit evidence of malicious intent, but the credential exposure is a critical vulnerability.