Skills
skills/aws-samples/sample-strands-agent-with-agentcore/google-calendar/Gen Agent Trust Hub

google-calendar

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  • Ingestion points: Tools such as list_events and get_event retrieve event summaries and descriptions which can be authored by external parties (e.g., meeting organizers).
  • Boundary markers: There are no delimiters or instructions provided to the agent to treat the ingested calendar data as untrusted or to ignore embedded commands.
  • Capability inventory: The skill provides write and delete capabilities via create_event, update_event, delete_event, and quick_add_event, which could be triggered by malicious instructions embedded in a calendar invite.
  • Sanitization: There is no evidence of input sanitization or validation of the retrieved event content before it is processed by the agent.
  • [DATA_EXFILTRATION]: The skill provides access to potentially sensitive information.
  • Tools can retrieve attendee email addresses, meeting locations, and private notes, which could be exposed if the agent's context is manipulated by an attacker.
  • [NO_CODE]: The skill consists solely of tool definitions in markdown.
  • It lacks the underlying implementation code (e.g., Python or JavaScript scripts) and dependency manifests required to actually perform the described operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:09 AM