Hey everyone, I've been working in a Security Operations Center (SOC) for a while now, and I recently started looking into the Google Workspace and Slack integrations used by our company. Honestly, it feels like a chaotic mess. We have a ton of "Zombie Apps" that were authorized by former employees or interns years ago. Some of these obscure Chrome extensions or productivity bots have extensive permissions, like `drive.readonly` and `channels:history`. If any of these small development teams get hacked, they could potentially access our sensitive data without us even knowing. I'm struggling with a few challenges:
1. Figuring out who approved which apps without having to sift through endless menus.
2. Understanding which types of permissions are really "dangerous" versus those that are merely standard.
3. Revoking access to these apps without disrupting existing workflows that I might not be aware of.
So I'm reaching out to the more experienced folks here: How are you handling this issue? Are you relying solely on the built-in Admin consoles, which can feel quite cumbersome, or have you developed your own custom scripts for better management? I'm also thinking about creating a small tool that generates a "Risk Report" for every connected OAuth app, highlighting the high-risk ones and simplifying the revocation process. Is this something you've already solved, or would you find this kind of tool helpful? Am I overreacting to the risks involved?
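As an added illustration of the "Risk Report" idea in the question (this is example code, not something from the original post or from Google or Slack), the following Python script scores each connected OAuth grant by the scopes it holds, whether the account that approved it still exists, and when it was last used, then recommends a revocation step that will not yank an integration someone is still relying on. The scope tiers, the point weights, the 180-day idle threshold, and the `AppGrant` field names are all assumptions made for the example; the inventory and the list of active accounts are constructed sample data standing in for what you would export from the Google Admin console and the Slack app management page.

```python
"""Risk report for third-party OAuth grants in Google Workspace and Slack.

Added example, not from the original post. The inventory below is constructed
sample data; in practice it would be exported from the admin consoles.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# Scope tiers are an assumption for this example, based on what each scope
# lets an app read or change. Anything not listed is treated as standard.
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive",                # full Drive read/write
    "https://www.googleapis.com/auth/drive.readonly",       # read every file the user can see
    "https://www.googleapis.com/auth/gmail.readonly",       # read mailbox contents
    "https://www.googleapis.com/auth/admin.directory.user", # manage user accounts
    "channels:history",   # read public channel message history
    "groups:history",     # read private channel message history
    "files:read",         # read files shared in Slack
}
MEDIUM_RISK_SCOPES = {
    "https://www.googleapis.com/auth/calendar",
    "https://www.googleapis.com/auth/drive.file",  # only files the app itself opened/created
    "chat:write",
    "channels:read",
}
STALE_AFTER = timedelta(days=180)  # assumed idle threshold


@dataclass
class AppGrant:
    platform: str             # "google" or "slack"
    app_name: str
    authorized_by: str        # account that approved the grant
    scopes: List[str]
    last_used: Optional[date]  # None means the platform reports no usage data


def score_grant(grant: AppGrant, active_accounts: Set[str], today: date) -> Dict:
    """Score one grant and decide a safe next step for it."""
    high = [s for s in grant.scopes if s in HIGH_RISK_SCOPES]
    medium = [s for s in grant.scopes if s in MEDIUM_RISK_SCOPES]
    zombie = grant.authorized_by not in active_accounts   # approver is gone
    # Only a known last-use date older than the threshold counts as idle;
    # "no usage data" is uncertainty, not proof that nobody depends on the app.
    confirmed_idle = grant.last_used is not None and today - grant.last_used > STALE_AFTER

    score = 10 * len(high) + 3 * len(medium)
    if zombie:
        score += 15
    if confirmed_idle or grant.last_used is None:
        score += 5
    tier = "HIGH" if score >= 20 else "MEDIUM" if score >= 8 else "LOW"

    if zombie and confirmed_idle:
        action = "revoke"                        # no owner, nothing will break
    elif zombie:
        action = "reassign owner, then review"   # someone may still use it
    elif high:
        action = "review with owner"
    else:
        action = "keep, re-check at next audit"

    return {"platform": grant.platform, "app": grant.app_name,
            "authorized_by": grant.authorized_by, "score": score, "tier": tier,
            "zombie": zombie, "confirmed_idle": confirmed_idle,
            "high_scopes": high, "action": action}


def build_report(grants: List[AppGrant], active_accounts: Set[str],
                 today: Optional[date] = None) -> List[Dict]:
    """Return all grants scored, highest risk first."""
    today = today or date.today()
    rows = [score_grant(g, active_accounts, today) for g in grants]
    rows.sort(key=lambda r: (-r["score"], r["app"]))
    return rows


# Constructed sample inventory and active-account list for the example.
SAMPLE_ACTIVE_ACCOUNTS = {"alice@example.com", "bob@example.com"}
SAMPLE_GRANTS = [
    AppGrant("google", "Doc Summarizer extension", "intern2019@example.com",
             ["https://www.googleapis.com/auth/drive.readonly", "email", "profile"],
             date(2021, 3, 2)),
    AppGrant("slack", "Standup Bot", "bob@example.com",
             ["channels:history", "chat:write", "users:read"], date(2024, 5, 20)),
    AppGrant("slack", "Emoji Pack", "alice@example.com", ["emoji:read"], date(2024, 5, 1)),
    AppGrant("google", "Old Calendar Sync", "carol@example.com",
             ["https://www.googleapis.com/auth/calendar"], None),
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for row in build_report(SAMPLE_GRANTS, SAMPLE_ACTIVE_ACCOUNTS, TODAY):
        print(f"{row['tier']:6} {row['score']:3} {row['platform']:6} "
              f"{row['app']:26} {row['action']}")
```

The point of the `confirmed_idle` distinction is the third challenge in the question: an app whose approver has left but that still shows recent use (or no usage data at all) gets reassigned to a living owner before anyone touches it, and only a grant that is both ownerless and demonstrably idle goes straight to the revoke list.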
2 Answers
You’re definitely not alone in this! It’s been a significant pain point for Google Workspace for ages. They've improved granular access permissions, but it often still feels like you’re giving apps carte blanche access. I completely agree with the approach of restricting permissions for anything that looks suspicious. It's frustrating that Google aims for seamless integration, often at the expense of security.
I’d suggest starting with a thorough audit. Limit app access to the trusted ones and set your Google services to 'restricted' mode, requiring approval for new apps. This way, when someone inevitably reports an issue, you can evaluate it more carefully before trusting it. It seems like a lot of manual work, but that’s the best way to minimize risk and ensure security without letting any app run wild.
