Back to skill

Security audit

Shift Scheduler

Security checks across malware telemetry and agentic risk

Overview

This is a coherent staff scheduling skill, but it should be configured carefully because it handles employee schedules and contact details.

Install only where the agent is allowed to access employee scheduling data. Use private, role-limited schedule sources rather than public-read links, require authenticated staff identity for personal shift queries, restrict manager-wide views and schedule changes to managers, and define retention rules for archives, swap history, leave requests, and contact fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases include very broad terms such as 'schedule' and '班表', which can match ordinary conversation and cause unintended activation. In a skill that accesses employee schedules, reminders, routing, and manager workflows, accidental invocation could expose staffing information or initiate actions in the wrong context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill processes employee schedule data, leave requests, swap requests, and proactive notifications, but the documentation does not state any user-facing warning, consent, or privacy handling expectations. Because this involves potentially sensitive workforce and attendance data plus outbound notifications to managers and staff, lack of transparency increases the risk of unauthorized disclosure or surprising data use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document explicitly recommends using a public-read Google Sheets link or service-account access for employee schedule data, which commonly includes names, work locations, and potentially other staffing metadata. In a shift-scheduling skill, that creates a realistic risk of unnecessary exposure of employee operational and personal data to anyone with the link or to overprivileged integrations.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The normalized schema includes a manager phone field, which is personally identifiable contact data, but the documentation gives no handling, masking, retention, or access-control guidance. In a scheduling assistant, exposed manager phone numbers could enable unwanted contact, social engineering, or broader privacy violations, even if the impact is narrower than full schedule disclosure.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.