outlook-calendar-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): This skill is vulnerable to indirect prompt injection because it processes untrusted data from external meeting invitations and calendar events.
- Ingestion points:
OUTLOOK_LIST_EVENTS,OUTLOOK_GET_EVENT, andOUTLOOK_GET_CALENDAR_VIEWretrieve event subjects and body content that may contain malicious instructions. - Boundary markers: No boundary markers or "ignore instructions" delimiters are specified in the prompt logic to isolate untrusted data.
- Capability inventory: The skill has high-impact capabilities including
OUTLOOK_CALENDAR_CREATE_EVENT,OUTLOOK_UPDATE_CALENDAR_EVENT, andOUTLOOK_DELETE_EVENTwhich could be triggered by injected instructions. - Sanitization: No sanitization or validation of the retrieved calendar content is mentioned.
- External Downloads (LOW): The setup instructions direct the user to add an external MCP server endpoint (
https://rube.app/mcp). While this is the standard gateway for Rube/Composio integrations, users should ensure they trust the provider of the MCP proxy.
Audit Metadata