Outlook Calendar (M365)

The skill's purpose is to read Outlook calendar events, which it achieves by requiring the user to store credentials in `~/.outlook/config.json` and then using Playwright to perform MFA login and extract a Bearer Token. All network communication is directed to Microsoft domains, and there is no evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, or malicious prompt injection in `SKILL.md`. However, both `login.py` and `owa_calendar.py` launch Playwright with `--no-sandbox` and `--disable-dev-shm-usage` arguments. The `--no-sandbox` argument, while common in containerized automation, reduces the security isolation of the browser process, presenting a vulnerability. The direct handling of user credentials (password) from a local file, though necessary for the skill's function, also represents a risky capability.