The Agent Skills Directory

DATA_EXFILTRATION (MEDIUM): The skill documentation explicitly requires access to a sensitive file path './credentials.json'. Accessing local credentials files is a high-risk pattern, here downgraded to MEDIUM as it is the primary mechanism for the skill's intended OAuth integration.
PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. (1) Ingestion points: Untrusted data is ingested from calendar event summaries and descriptions via 'search_events.py'. (2) Boundary markers: Absent; there are no instructions to the agent to ignore or delimit external content. (3) Capability inventory: The skill can create and modify events via 'create_event.py'. (4) Sanitization: No sanitization or validation of the retrieved calendar data is performed before it enters the agent's context.

google-calendar