Google Calendar Create Event

Security checks across malware telemetry and agentic risk

Overview

This skill only describes creating Google Calendar events with a CLI, which matches its stated purpose, though users should confirm event details before allowing writes.

Install only if you want the agent to create Google Calendar events through gog. Before execution, verify the title, calendar, start and end time, timezone, attendees, and whether you intended a real calendar write.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation condition is overly broad: any request to schedule or create an event can trigger direct execution of the calendar creation command without additional validation, user confirmation, or policy constraints. In an agent setting, this increases the chance of unintended calendar modifications from ambiguous prompts, prompt injection chains, or mistaken task interpretation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal