calendar-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and interprets user-provided calendar content from untrusted sources — e.g., pasted screenshots, copy-pasted schedules, .ics files or published ICS URLs, and events pulled via Google Calendar MCP / gcalcli / Apple MCP — and parses event titles/descriptions as part of the audit, exposing the agent to arbitrary user-generated content that could carry injected instructions.