Google app script publish require CASA verification after initial OAuth verification. Is there any way to avoid it?

Question

I have completed initial OAuth verification process for the scopes I have been using in the app. (see scopes detail below).

Now Google verification team is requesting CASA verification process as you can see in email screenshot attached too. So getting to my question, is this verification requested because I am using external_request scope? or there is any other reason behind it?

I published another app too with same scopes except drive and external_request scopes and it's successfully published. Thats why I am asking that some scope could be responsible for it.

Project OAuth Scopes 5 Scopes Requested

See, edit, create, and delete all of your Google Drive files https://www.googleapis.com/auth/drive

See, edit, create, and delete all your Google Sheets spreadsheetshttps://www.googleapis.com/auth/spreadsheets

Connect to an external service https://www.googleapis.com/auth/script.external_request

Display and run third-party web content in prompts and sidebars inside Google applications https://www.googleapis.com/auth/script.container.ui

See, edit, create, and delete all your Google Docs documents https://www.googleapis.com/auth/documents

Answer 1

As TheAddonDepot mentioned in this comment, it was the https://www.googleapis.com/auth/drive scope that triggered the security assessment. Instead I will try to use https://www.googleapis.com/auth/drive.file scope for now. It was also confirmed when I emailed google about this issue.