calendar-audit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The Apple Calendar setup guide in references/calendar-setup.md directs users to download an unverified binary (CheICalMCP), grant it execution permissions (chmod +x), and add it as an MCP server. This allows unvetted code to run within the user's environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): Recommends the installation of the @cocal/google-calendar-mcp package via npx -y. The @cocal organization is not a trusted source, and npx -y executes packages without confirmation, introducing supply chain risks.
  • COMMAND_EXECUTION (MEDIUM): The skill provides documentation for shell commands like chmod +x and claude mcp add that facilitate the execution of external, unverified code.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted meeting data without sanitization.
      1. Ingestion points: Calendar event titles and descriptions via screenshots, text, or ICS files.
      2. Boundary markers: Absent.
      3. Capability inventory: The agent performs scoring analysis and generates audit reports based on event content.
      4. Sanitization: No evidence of sanitization or instructions to ignore embedded prompts in event fields.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:39 PM