cal-com-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server at
https://rube.app/mcp. This domain is not a trusted source. External MCP servers can provide untrusted tool definitions that the agent executes, effectively acting as a remote dependency with access to the agent's context. - DATA_EXFILTRATION (LOW): Sensitive data including booking details, attendee emails, and calendar availability is processed through the
rube.appservice. The documentation states that no API keys are required, which implies the external service may be handling authentication tokens or session data, posing a risk of unauthorized data access or logging by the service provider. - INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection. 1. Ingestion points: Data retrieved from Cal.com via
CAL_FETCH_ALL_BOOKINGS(attendee names, metadata) andCAL_RETRIEVE_CALENDAR_BUSY_TIMESenter the agent context. 2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the calendar data. 3. Capability inventory: The skill has broad write permissions, including booking creation and webhook management. 4. Sanitization: No evidence of sanitization for attendee-provided strings is present, which could allow malicious content in a booking request to influence the agent's behavior during listing or review tasks.
Audit Metadata