slack-to-gcal
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script using a bash command that interpolates user-provided URLs in Step 2. This method is susceptible to command injection if malicious shell metacharacters are included in the Slack or Calendar links provided by the user.
- [CREDENTIALS_UNSAFE]: The documentation explicitly identifies the use of 'token_calendar.json' and a '.env' file storing the 'SLACK_BOT_TOKEN'. These files contain highly sensitive credentials that could be exposed or accessed by the agent execution environment.
- [PROMPT_INJECTION]: The skill facilitates indirect injection via user-provided link parameters. Ingestion points: Slack and Google Calendar links collected via the AskUserQuestion tool in Step 1. Boundary markers: None; the inputs are wrapped in double quotes in the command but lack sanitization against shell escapes. Capability inventory: Execution of local scripts with access to sensitive credential files and local file system paths. Sanitization: No input validation or escaping is performed on the links before they are passed to the shell environment.
Audit Metadata