cal-com-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at https://rube.app/mcp. This introduces a dependency on a third-party service provider (rube.app) for the tool definitions and execution environment.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external, untrusted data from Cal.com bookings and attendee profiles.
  - Ingestion points: Data enters the agent context through tools like CAL_FETCH_ALL_BOOKINGS (fetching booking metadata) and CAL_GET_TEAM_INFORMATION_BY_TEAM_ID (fetching team member data).
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions that might be embedded in the retrieved booking or attendee data.
  - Capability inventory: The skill possesses significant write capabilities, including CAL_POST_NEW_BOOKING_REQUEST (creating bookings), CAL_UPDATE_WEBHOOK_BY_ID (configuring webhook destination URLs), and CAL_CREATE_TEAM_IN_ORGANIZATION (modifying team structures).
  - Sanitization: Absent. There is no evidence of input validation or content sanitization for data retrieved from external API calls before it is used in the agent's internal reasoning.