Skills
skills/aaaaqwq/claude-code-skills/google-calendar-automation/Gen Agent Trust Hub

google-calendar-automation

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions direct users to add an external MCP server from https://rube.app/mcp. This domain is not listed in the trusted organizations or repositories list. As the MCP server defines the tool schemas and execution logic, this creates a dependency on an unverified third-party provider.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the way it processes calendar data.
  • Ingestion points: Data from external calendar events is ingested via tools such as GOOGLECALENDAR_FIND_EVENT and GOOGLECALENDAR_EVENTS_LIST (File: SKILL.md).
  • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to treat calendar summaries or descriptions as untrusted data.
  • Capability inventory: The skill has significant write capabilities including GOOGLECALENDAR_CREATE_EVENT, GOOGLECALENDAR_PATCH_EVENT, and GOOGLECALENDAR_DELETE_EVENT (File: SKILL.md).
  • Sanitization: Absent. There is no logic provided to sanitize or validate the content of calendar events before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 03:09 PM