Jun 7, 2026 at 2:11pm
#1
Severity: 🟡 Medium (0.53) | Type: ❓ Unclassified
Report
[Halo 3] Google Calendar OAuth scope is too broad (read+write); should be write-only

Source: https://github.com/getwinharris/GutConference-phpCMS/issues/3

## Problem (validated)

`integrations/google-oauth/GoogleOAuthClient.php:22` requests scope:

```
https://www.googleapis.com/auth/calendar.events
```

This grants **read+write** access to Google Calendar. The project only creates events and never reads them. The broader scope:

1. Triggers heavier Google OAuth app verification (Sensitive scope).
2. Creates unnecessary Google Cloud IAM policy and consent-screen friction (e.g. the recent "concurrent policy change" errors in Google Cloud Console).
GameGrip Intelligence | Issue #9072 |