gws-meeting-scheduler
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to interpolate user-provided or externally-sourced strings, such as
<title>and<name>, directly into shell commands (e.g.,gws calendar +insert --summary "<title>"). If these inputs contain shell metacharacters (like;,&, or|), they could potentially be used to execute arbitrary commands depending on the agent's execution environment. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from existing calendar events (such as meeting titles and descriptions) using
gws calendar events list. A malicious actor could invite a user to a meeting with a title containing instructions designed to manipulate the agent's logic during the "Resolve attendee email" or "Detect timezones" phases. - Ingestion points: Reads event summaries and attendee lists via
gws calendar events list(Step 1 and Step 2 in SKILL.md). - Boundary markers: None provided in the instructions to separate data from commands.
- Capability inventory: Has the ability to create and modify calendar events using
gws calendar +insertandgws calendar events insert. - Sanitization: No sanitization or validation of the ingested calendar data is specified before it is used to inform agent decisions.
Audit Metadata