Briefing (Calendar Agenda, Weather, Pending To-Dos)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed daily briefing helper that combines calendar, todo, and weather data, with privacy considerations around scheduled or chat-channel delivery.

Install this if you want an agent-generated daily briefing from your own calendar, todos, and weather tools. Review the companion calendar and todo skills before use, and only enable scheduled delivery to private, trusted channels because the briefing may include sensitive schedule, task, and location-related details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README explicitly says the skill is available for the agent to invoke when 'contextually appropriate,' which is an underspecified trigger for a skill that aggregates personal calendar, todo, and weather data. That ambiguity can cause the agent to activate the skill without clear user intent, leading to unnecessary disclosure of sensitive schedule or task information and unexpected network/tool use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal