pp-outlook-calendar

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE; flagged categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a CLI tool via npx -y @mvanhorn/printing-press install outlook-calendar --cli-only. This downloads and executes code from a package repository associated with the skill's vendor namespace.
  • [DATA_EXFILTRATION]: The underlying CLI tool supports a --deliver webhook:<url> flag, which allows the output of calendar operations (such as event lists or meeting details) to be sent to an arbitrary external URL. While this is a documented feature of the utility, it provides a functional surface for data exfiltration if the agent is directed to use it maliciously.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and displays content from external calendar invites and event bodies.
      ◦ Ingestion points: Data enters the agent's context through commands like prep, events list, and events search, which fetch meeting subjects, organizers, and body excerpts from Microsoft Graph.
      ◦ Boundary markers: No explicit boundary markers or instructions to ignore instructions embedded in the calendar data are provided in the skill's prompts.
      ◦ Capability inventory: The skill possesses the Read Bash tool, allowing it to execute the CLI and potentially other shell commands based on the ingested data.
      ◦ Sanitization: The skill does not describe any sanitization or filtering of the fetched calendar data before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 05:47 AM