ics-generator
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions mandate that the agent execute a shell command (
open <filename>.ics) immediately after creating a file. - Evidence: The
SKILL.mdfile specifies 'Auto-open: Always run open .ics after writing the file' as a default behavior. - The filename used in this command is dynamically constructed from the user's natural language event summary ('kebab-case from the event summary'), which presents a risk of command injection if the string is not correctly sanitized for the host shell environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user input for file generation and system interaction.
- Ingestion points: The skill parses natural language descriptions from the user to extract event details, summaries, and locations.
- Boundary markers: There are no instructions providing delimiters or 'ignore' directives to prevent the agent from obeying malicious instructions embedded within the user's event description.
- Capability inventory: The agent has the ability to write files to the local directory and initiate system-level commands (
open). - Sanitization: While the skill specifies formatting rules for the iCalendar standard (escaping commas, semicolons, etc.), it lacks instructions for sanitizing the input against shell-specific metacharacters used in the filename generation.
Audit Metadata