appointment-scheduler

If a crafted booking ID reaches this path, canceling with waitlist notification could run unintended shell commands under the user’s account.

bookingId comes from command-line arguments and is inserted into a shell command string without validation or an argument array.

A malformed date containing path traversal sequences could read or write JSON files outside the intended appointments directory, potentially corrupting workspace configuration or data.

The user-supplied date argument is used directly in a filesystem path; similar date-based path construction appears in booking/schedule scripts.

Calendar sync can add customer appointment details to the user’s Google Calendar and the stored token may grant broad calendar access.

The Google Calendar integration uses local OAuth credential/token files and requests broad Calendar API access.

Customer names, phone numbers, emails, attendance history, and reminder status may remain in local workspace files across sessions.

The skill persistently stores customer appointments, contacts, no-show history, flagged-customer records, and reminder logs.

If the user installs the cron entries, the skill’s reminder or sync scripts will keep running on a schedule until removed.

The documentation suggests user-configured cron jobs for recurring reminders and calendar sync.

Installing npm packages is expected for these Node scripts, but it pulls third-party code into the local environment.

The skill is listed as having no install spec, but its setup guide asks the user to install npm dependencies; package.json and package-lock.json are present.