gcalcli-calendar

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gcalcli subcommands via the system shell. It specifically instructs the agent to pass the --iamaexpert flag on deletions; that flag exists to suppress gcalcli's interactive confirmation prompt, so destructive operations run without a human-in-the-loop check. Any wrapper around this skill should therefore treat a delete invocation carrying --iamaexpert as a policy decision, not a default.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests untrusted data (Google Calendar event titles and descriptions, which any invitee or shared-calendar owner can write) and then reuses that data as arguments to shell commands.
    1. Ingestion points: Event data is fetched from external calendars via the gcalcli commands described in SKILL.md.
    2. Boundary markers: The instructions recommend quoting queries. Quoting a value inside a command string that is still handed to a shell does not contain a value that itself contains quote characters or shell metacharacters, so this is insufficient against shell injection and against logic manipulation of the agent by instructions embedded in event text.
    3. Capability inventory: The skill relies on subprocess execution of the gcalcli tool for all operations.
    4. Sanitization: There is no explicit requirement or mechanism for escaping shell metacharacters in the external event data, or for passing it as a discrete argument rather than interpolating it into a command string, before it is executed.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the gcalcli utility from external package registries like PyPI or via Homebrew, as noted in the README.md and SKILL.md.
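The two execution findings above (quoted interpolation into a shell string, and --iamaexpert on deletions) can be checked concretely. The following is an added example, not code from the skill or from gcalcli: it builds the command the way the skill's instructions suggest, shows what a shell would make of a hostile event title, and contrasts that with an argv-list invocation plus a small policy gate. The malicious title is constructed for the demonstration; the `--` end-of-options marker is assumed to be honoured by gcalcli's argparse-based parser; and the `check_policy` rule is this example's own, not a gcalcli feature.

```python
import shlex
import subprocess
from typing import List

# Constructed sample: an event title an attacker could place in a shared calendar.
# The embedded double quote closes the skill's quoting; the rest is a second command.
MALICIOUS_TITLE = 'Standup"; rm -rf ~; echo "'


def unsafe_command(query: str) -> str:
    """The pattern the audit warns about: quote the value, then hand a string to a shell."""
    return f'gcalcli search "{query}"'


def shell_tokens(command: str) -> List[str]:
    """How a POSIX shell tokenizes the string (shlex follows the same quoting rules)."""
    return shlex.split(command)


def safe_argv(query: str) -> List[str]:
    """Hardened form: the query is one argv element and never passes through a shell.
    '--' ends option parsing so a title starting with '-' cannot be read as a flag
    (argparse convention; assumed here for gcalcli)."""
    return ["gcalcli", "search", "--", query]


def quoted_command(query: str) -> str:
    """If a shell string is unavoidable, shlex.quote is the correct escaping, not '"..."'."""
    return " ".join(shlex.quote(a) for a in safe_argv(query))


def check_policy(argv: List[str]) -> None:
    """Example policy gate (not part of gcalcli): refuse automated deletions that
    suppress gcalcli's confirmation prompt via --iamaexpert."""
    if len(argv) > 1 and argv[0] == "gcalcli":
        subcommand = next((a for a in argv[1:] if not a.startswith("-")), None)
        if subcommand == "delete" and "--iamaexpert" in argv:
            raise PermissionError("delete with --iamaexpert requires human confirmation")


def run_argv(argv: List[str]) -> subprocess.CompletedProcess:
    """Execute with shell=False so argv boundaries are preserved exactly."""
    check_policy(argv)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    print("unsafe tokens:", shell_tokens(unsafe_command(MALICIOUS_TITLE)))
    print("safe argv:   ", safe_argv(MALICIOUS_TITLE))
    # Stand-in for gcalcli so the demo runs offline: printf just echoes its argument.
    print("printf sees: ", run_argv(["printf", "%s\n", MALICIOUS_TITLE]).stdout.rstrip())
    try:
        check_policy(["gcalcli", "--iamaexpert", "delete", "Standup"])
    except PermissionError as exc:
        print("blocked:     ", exc)
```

In the unsafe form the shell sees `rm` as its own word after the injected `;`, whereas in the argv form the whole title, quotes and all, reaches gcalcli as a single `text` argument. The policy gate is deliberately narrow: it only intercepts the exact combination the audit flags, leaving a human to decide whether to run it.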
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 06:02 PM