gws-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
gwsCLI tool to interact with the Google Calendar API. It enables operations such as managing events, calendar metadata, and access control lists (ACLs). - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by retrieving data from external sources, specifically Google Calendar event details. Malicious content stored in event titles or descriptions could be interpreted as instructions by the agent. No specific boundary markers or sanitization steps are included in this skill's documentation to mitigate this behavior.
Audit Metadata