Executive Assistant Time Blocking

Security checks across malware telemetry and agentic risk

Overview

This scheduling skill appears purpose-aligned, but it gives the agent calendar write and deletion authority without clear user confirmation or containment.

Install only if you intend to give the agent calendar write access. Before use, require a proposed schedule preview, explicit confirmation before creating or deleting events, and a rule that deletion only applies to events the workflow created or events the user specifically named.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation condition is broad enough to trigger on general requests about scheduling or executive-assistant behavior, which can cause the skill to run in contexts the user did not explicitly intend. Because the workflow then performs calendar reads and writes, ambiguous activation increases the chance of unauthorized or surprising actions on user data.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill instructs the agent to create calendar events and potentially delete them during overlap resolution without an explicit warning or user confirmation that calendar data will be modified. In this context, the risk is elevated because the workflow is autonomous and includes a self-healing loop that can repeatedly create and delete events, leading to unintended schedule changes or data loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal