ljg-calendar

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes dynamically generated AppleScript code using the osascript utility via a Bash tool. This capability is used to both query existing events and create new ones within the macOS Calendar application.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from user text and images without sufficient sanitization.
      ● Ingestion points: User-provided text, chat screenshots, posters, or email screenshots are used to extract event metadata in Step 2.
      ● Boundary markers: The skill does not define delimiters or specific 'ignore' instructions for the extracted content before inserting it into the AppleScript command string.
      ● Capability inventory: The skill can perform arbitrary AppleScript operations through the osascript interface, which has access to system data and applications.
      ● Sanitization: There are no instructions to escape or validate user-provided strings (like 'summary' or 'description') before they are interpolated into the make new event AppleScript template, potentially allowing an attacker to 'break out' of the string and execute unintended AppleScript commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 07:18 PM