calendly-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server endpoint 'https://rube.app/mcp' to their configuration. This domain is not part of the trusted vendors list and represents a remote dependency required for the skill's core functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing workflows.
- Ingestion points: The skill ingests untrusted data from Calendly via 'CALENDLY_LIST_EVENTS' (event descriptions, titles) and 'CALENDLY_LIST_EVENT_INVITEES' (invitee names, notes).
- Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat external Calendly data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill possesses impactful capabilities including 'CALENDLY_CANCEL_EVENT' (irreversible action), 'CALENDLY_CREATE_ORGANIZATION_INVITATION', and 'CALENDLY_REMOVE_USER_FROM_ORGANIZATION'.
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from the Calendly API before it is processed by the agent.
Audit Metadata