The Agent Skills Directory

[DATA_EXPOSURE_AND_EXFILTRATION]: The skill instructions and environment setup involve accessing sensitive credential and token files for Google APIs, specifically ~/.config/gmail/credentials.json and ~/.config/calendar/token.json. Accessing such high-value targets by an AI agent presents a risk of credential exposure if the agent's context is compromised.
[INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted data from external sources, specifically Google Calendar event summaries and descriptions.
Ingestion points: The list and get commands in SKILL.md fetch event data from the Google Calendar API into the agent's working memory.
Boundary markers: There are no specific instructions or delimiters provided to the agent to treat external event data as untrusted or to ignore instructions embedded within those fields.
Capability inventory: The agent has the capability to execute the gcal.py script via Bash (restricted by allowed-tools) and can modify or delete calendar events and send email invitations.
Sanitization: No sanitization, validation, or filtering mechanisms are described for the content returned by the Calendar API before the agent processes it.

google-calendar