Skills
skills/dpearson2699/swift-ios-skills/eventkit-calendar/Gen Agent Trust Hub

eventkit-calendar

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides patterns for fetching and processing calendar events and reminders that create a surface for indirect prompt injection. Maliciously crafted calendar entries could attempt to influence the agent's behavior.
  • Ingestion points: Data is ingested through eventStore.events(matching:) and eventStore.fetchReminders as described in SKILL.md and implemented in the CalendarManager class in references/eventkit-patterns.md.
  • Boundary markers: The provided code examples lack delimiters or system instructions designed to prevent the agent from interpreting fetched calendar data as executable instructions.
  • Capability inventory: The skill documents extensive capabilities for interacting with the system calendar, including creation, modification, and deletion of events and reminders through the EKEventStore save and remove methods.
  • Sanitization: No logic is provided for sanitizing or validating the content of retrieved events (such as titles or notes) before use.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 07:48 PM