Skills
skills/dalehurley/phpbot/check-calendar-today/Gen Agent Trust Hub

check-calendar-today

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the osascript utility to execute AppleScript commands on the host macOS system. This is the primary mechanism used to interface with the native Calendar application and fetch event data.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes data from calendar event titles and summaries which could contain instructions intended to subvert the agent's behavior.
  • Ingestion points: Event summaries, titles, and times retrieved from the macOS Calendar via SKILL.md procedure.
  • Boundary markers: Absent; there are no defined delimiters or instructions to ignore content within the fetched calendar data.
  • Capability inventory: Local command execution via osascript to query system applications.
  • Sanitization: Absent; the skill does not perform validation or escaping of the text retrieved from calendar events before displaying it or passing it to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:31 AM