calendar-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data from external sources without explicit sanitization or boundary markers.
- Ingestion points: The
Meeting PreparationandCalendly Booking Handlerworkflows inSKILL.mdextract data from calendar event descriptions, attendee profiles, and booking form responses. - Boundary markers: The templates do not utilize specific delimiters or instructions to prevent the agent from following commands embedded within the meeting descriptions or form answers.
- Capability inventory: The skill has the capability to send messages via
slack_notifyand modify calendar data usingcalendar_updatevia thegoogle-workspace-mcpserver. - Sanitization: There is no evidence of input validation or escaping for the external content before it is used to generate notifications or update records.
Audit Metadata