google-calendar-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (MEDIUM): The skill instructs the user to configure a remote MCP server from an untrusted source (
https://rube.app/mcp). This creates a dependency on an external execution environment that is not part of the trusted developer list. - Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it reads untrusted data (event titles and descriptions) and has high-privilege write capabilities (modifying and deleting events).
- Ingestion points:
GOOGLECALENDAR_FIND_EVENTandGOOGLECALENDAR_EVENTS_LISTingest data from the user's calendar which could be populated by third parties. - Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore instructions inside calendar data.
- Capability inventory: The skill can create (
GOOGLECALENDAR_CREATE_EVENT), modify (GOOGLECALENDAR_PATCH_EVENT), and delete (GOOGLECALENDAR_DELETE_EVENT) calendar data. - Sanitization: No evidence of sanitization or validation of the retrieved calendar content before it is used in downstream logic.
Audit Metadata