The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill requires users to configure a remote MCP server at 'https://rube.app/mcp'. This domain is not included in the pre-approved list of trusted organizations; however, the severity is lowered because this dependency is essential for the skill's primary stated purpose.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data processing workflows. Ingestion points: Untrusted content is ingested from calendar event summaries, descriptions, and locations via tools like GOOGLECALENDAR_FIND_EVENT and GOOGLECALENDAR_EVENTS_LIST. Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded instructions within event data. Capability inventory: The skill possesses high-risk capabilities including the ability to create, update, and delete calendar events. Sanitization: No input sanitization or validation of external event content is performed before processing.

google-calendar-automation