Security audit

Google Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Calendar integration, but users should be careful because it can read, create, update, and delete calendar events through AgentPMT.

Install only if you are comfortable connecting Google Calendar through AgentPMT with permissions that can read calendar details and modify or delete events. Require your agent to show the target event and ask before deleting, changing attendees, changing recurrence, or sending notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Low
Confidence: 91%
Finding
The schema exposes several read capabilities (`get_event`, `list_calendars`, `list_events`, `search_events`) that go beyond the stated skill description scope of create/update/delete and availability checking. This mismatch can cause an agent or reviewer to underestimate the data-access surface, enabling unintended retrieval of calendar metadata, event contents, attendees, locations, and descriptions from user-accessible calendars.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill includes broad activation phrases such as generic scheduling and availability terms without explicit narrowing conditions or negative examples, which increases the chance an agent will invoke this tool in ambiguous situations. In this context, an unnecessary invocation can expose calendar contents or trigger side-effecting actions on a user's behalf when a less-privileged response would have sufficed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes destructive and user-impacting operations like `delete_event` and attendee-modifying `update_event`, but the surrounding guidance does not require an explicit warning or confirmation before cancellations, attendee replacement, or notification-triggering changes. In a calendar context, mistaken execution can cancel meetings, spam attendees, or silently alter schedules with real operational consequences.

Missing User Warnings

Medium
Confidence: 78%
Finding
The delete operation is destructive and the schema documentation provides no warning, confirmation requirement, or safer usage note. In an agent-driven context, this increases the risk of accidental or prompt-induced deletion of calendar events, potentially causing disruption, missed meetings, and unintended attendee notifications.

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.