Back to skill

Security audit

Tmp.LID7L3b47R

Security checks across malware telemetry and agentic risk

Overview

This Google Workspace skill is sensitive but coherent: it discloses Google OAuth access, uses read-only defaults for Gmail and Contacts, and gates write actions behind configuration.

Install only if you trust this publisher with Google Workspace access. Review the enabled scopes with `google-workspace config show`, keep Docs/Sheets/Drive write modes off unless needed, and avoid enabling Drive readwrite unless you accept broad Drive-file access at the token level.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation text is very broad and can match common requests involving names, emails, phones, org charts, or general People API queries without clearly scoping when the skill should or should not run. Because this skill accesses personal contacts and Workspace directory data, over-triggering could cause unnecessary exposure of sensitive directory information or cause the agent to use this capability when the user did not intend contact or directory access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes powerful access to personal contacts, Workspace directory entries, profile fields, manager/reports relationships, and raw People API output, but it does not warn users that these operations may access sensitive personal and organizational data. Without a clear user-facing privacy warning, users may not understand the scope of data exposure, increasing the risk of inadvertent disclosure of contact details, reporting chains, or profile metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.