gcp-workspace-pivot
Audited by Socket on May 4, 2026
2 alerts found:
Malware x2
This fragment is a clear malicious intrusion/post-exploitation playbook for Google Workspace. It provides concrete API calls to search and exfiltrate Gmail/Drive/Calendar/Chat data, send phishing emails via impersonation, and establish persistence via Gmail forwarding/filters, delegated access, admin role escalation, OAuth long-lived tokens, and Domain-Wide Delegation backdoors. There is no benign software behavior; it is explicitly offensive guidance. Recommend treating the associated package/document/process as high-risk and blocking/isolating it; review for provenance and removal of malicious content.
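This skill is not an ordinary cloud administration or audit guide but an offensive skill aimed at GCP→Google Workspace pivot attacks, containing instructions for credential abuse, data theft, persistence, and detection evasion. Even though it mostly calls official Google APIs, its purpose and actual capabilities consistently serve unauthorized intrusion, and overall it should be judged malicious.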