google-calendar
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection due to its ability to read external data and perform actions based on it.
  - Ingestion points: The `list_events` function in `scripts/google_calendar.py` ingests event data (summaries, descriptions) from the Google Calendar API.
  - Boundary markers: Absent. The skill does not provide delimiters or instructions to the agent to treat calendar content as untrusted data.
  - Capability inventory: The `create_event` function in `scripts/google_calendar.py` allows the agent to perform write operations (creating events).
  - Sanitization: Absent. No filtering or sanitization is performed on meeting data before it is presented to the agent.
- [DATA_EXFILTRATION] (HIGH): The script accesses sensitive credential files in the user's home directory.
  - Evidence: The script accesses `credentials.json` and `token.json` within the `~/.calendar_credentials/` directory. These files contain sensitive OAuth 2.0 secrets and tokens that provide access to the user's Google account data. While used for legitimate API communication, this represents high-severity sensitive path access.
Recommendations
- AI detected serious security threats
Audit Metadata