calendar
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted calendar data that could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: The `events` field in both `CalendarConfig` and `MeetingPickerConfig` in `SKILL.md` accepts arbitrary strings for event titles.
  - Boundary markers: Absent. The skill does not appear to use delimiters or system instructions to distinguish between calendar data and agent instructions.
  - Capability inventory: The skill renders an interactive UI and returns a `MeetingSelection` object via IPC; it does not directly perform file writes or network requests, but its output influences the agent's subsequent scheduling decisions.
  - Sanitization: Absent. There is no evidence of validation or escaping for the `title` field in calendar events.
- Command Execution (LOW): The skill documentation describes the use of `bun run src/cli.ts` to launch the calendar scenarios. This represents standard execution of the skill's own local code.
Audit Metadata