Recipe Share Event Materials

Security checks across malware telemetry and agentic risk

Overview

This is a transparent recipe for sharing a selected Google Drive file with calendar event attendees, but users should review recipients before granting access.

Install only if you trust the gws tooling and the referenced Google Workspace skills. Before running it, confirm the exact calendar event, Drive file, and attendee list, especially for meetings with external guests or large distribution lists; revoke Drive permissions afterward if access should be temporary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill automates granting Google Drive access to every attendee on a calendar event but provides no warning, confirmation, or filtering around the privacy implications of doing so. This can lead to unintended disclosure of documents to external guests, large distribution lists, or participants who were invited accidentally, especially because the recipe presents the action as a straightforward bulk-sharing workflow.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal