cal-com-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill instructs users to connect to an external MCP server hosted at https://rube.app/mcp. This domain is not on the trusted source list, requiring users to verify the provider before use.
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted data from Cal.com bookings and attendees. Ingestion points: Untrusted data enters via tools like CAL_FETCH_ALL_BOOKINGS in SKILL.md. Boundary markers: There are no explicit markers or instructions for the agent to ignore embedded commands in the retrieved data. Capability inventory: The skill can perform sensitive write operations such as CAL_POST_NEW_BOOKING_REQUEST and CAL_UPDATE_WEBHOOK_BY_ID. Sanitization: No sanitization or validation of external attendee data is described.
Audit Metadata