calendar-automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing external, untrusted content.
- Ingestion points: The skill retrieves and processes data from calendar event descriptions, meeting attendee responses from Calendly, and summaries of recent email interactions (SKILL.md).
- Boundary markers: The templates provided for Slack notifications and meeting preparation documents do not include explicit delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The skill utilizes tools for creating and updating calendar events, sending Slack messages, and updating CRM records in HubSpot (SKILL.md).
- Sanitization: There is no documentation of input validation, escaping, or sanitization of the external data before it is interpolated into prompts for the agent to process.
Audit Metadata