Back to skill

Security audit

Morning Email Rollup

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it handles private Gmail and Calendar data and sends email bodies to Gemini for summaries.

Install only if you are comfortable with important/starred Gmail message bodies and calendar event titles being processed by this workflow, including Gemini summarization and delivery through the configured messaging channel. Review the Gmail query, MAX_EMAILS value, Google account, and cron schedule before enabling daily automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends email body content to the external Gemini service for summarization, but the description does not present this as a prominent privacy warning or explicit consent boundary. Because email bodies often contain sensitive personal, financial, legal, or corporate information, users may enable the skill without realizing their data is being transmitted to a third party, creating a real confidentiality risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends cleaned but still substantive email body content to the external `gemini` CLI for summarization without any disclosure, consent gate, or data-minimization control. In a skill explicitly processing private email, this creates a real confidentiality risk because sensitive message contents may be transmitted to a third-party model or logged by external tooling outside the user's expected local workflow.

Ssd 3

Medium
Confidence
95% confidence
Finding
Raw email body text is interpolated directly into the LLM prompt, so confidential content from messages is exposed verbatim to model processing and can reappear in summaries or downstream logs. Because this skill is a daily automated rollup of important emails, the context increases risk: it is likely to process high-value, sensitive communications regularly and without per-message review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.