Back to skill

Security audit

Email Cleanup

Security checks across malware telemetry and agentic risk

Overview

This Outlook cleanup skill is transparent and non-executable, but it asks for high-risk mailbox-rule access and contains conflicting guidance that could allow persistent mail forwarding rules.

Install only if you trust the Microsoft Graph runtime and can verify it blocks forwardTo, forwardAsAttachmentTo, redirectTo, delete, and permanentDelete rule actions. Prefer folder cleanup or audit-only mode if you do not need rule creation, avoid autonomous invocation, and be ready to revoke Microsoft OAuth consent if unexpected rules appear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill states that agents should never create forwarding, redirect, or delete rules because they can silently exfiltrate mail or destroy data, but then weakens that stance by allowing forwarding if the user confirms a destination. In an agent setting, that exception is dangerous because a compromised runtime, prompt injection, or user-confusion scenario could still result in persistent mailbox exfiltration through inbox rules.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.