pp-outlook-calendar
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a CLI tool via `npx -y @mvanhorn/printing-press install outlook-calendar --cli-only`. This downloads and executes code from a package repository associated with the skill's vendor namespace.
- [DATA_EXFILTRATION]: The underlying CLI tool supports a `--deliver webhook:<url>` flag, which allows the output of calendar operations (such as event lists or meeting details) to be sent to an arbitrary external URL. While this is a documented feature of the utility, it provides a functional surface for data exfiltration if the agent is directed to use it maliciously.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and displays content from external calendar invites and event bodies.
  - Ingestion points: Data enters the agent's context through commands like `prep`, `events list`, and `events search`, which fetch meeting subjects, organizers, and body excerpts from Microsoft Graph.
  - Boundary markers: No explicit boundary markers or instructions to ignore instructions embedded in the calendar data are provided in the skill's prompts.
  - Capability inventory: The skill possesses the `Read Bash` tool, allowing it to execute the CLI and potentially other shell commands based on the ingested data.
  - Sanitization: The skill does not describe any sanitization or filtering of the fetched calendar data before it is presented to the agent.
Audit Metadata