Google Calendar Find Event

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Google Calendar search helper that can reveal calendar event details from the configured gog account, but its behavior is disclosed and read-only.

Install only if you trust the gog CLI already on your machine and are comfortable letting the agent query the Google Calendar account configured there. Use clear requests with a bounded date range, calendar scope, and search term when possible, because returned event titles and metadata may be private.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The invocation condition is very broad: any request to find events or check a schedule for a period or subject leads directly to executing the `gog` CLI with caller-supplied arguments. In an agent setting, vague triggers increase the chance of overbroad data access, unintended calendar queries, or use in contexts where the user did not clearly authorize searching potentially sensitive event metadata.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal