Event Cancellation Reconciler

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate calendar cleanup purpose, but it can change or delete calendar events from email-derived information without a clear user confirmation step.

Install only if you are comfortable giving an agent calendar write authority. Before using it, add or enforce a manual preview and confirmation step, require strong matching by title, organizer, date, and time, and prefer marking events cancelled over deleting them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation condition is broad enough to trigger not only on explicit cancellation-handling requests, but also while merely reading emails that mention cancellation or rescheduling. In this skill’s context, that is dangerous because the workflow culminates in deleting or mutating calendar events, creating a real risk of unintended state changes from ambiguous or passive user actions.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The procedure instructs the agent to delete an event or mark it cancelled without warning the user that calendar data may be modified or removed. Because this is a calendar-reconciliation skill operating on live state, the missing warning and confirmation step materially increases the chance of destructive, unexpected actions being taken on the user’s behalf.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal