Recipe Plan Weekly Schedule

Security checks across malware telemetry and agentic risk

Overview

This is a small scheduling recipe that visibly reads Google Calendar availability and creates a calendar event, with no evidence of hidden or unrelated behavior.

Before using it, have the agent show the exact event title, calendar, date, start and end time, attendees, and description, then confirm before it runs the insert command. Check the sample dates carefully because they are hardcoded and may not match the week you intend to plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to create a calendar event, which modifies the user's Google Calendar, but the description and steps do not clearly warn that running the recipe will write to user data. This can lead to unintended calendar changes, user confusion, or unauthorized-looking event creation if the user expects a read-only scheduling review.

VirusTotal

63/63 vendors flagged this skill as clean.
