macos-calendar
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The shell script executes
osascriptandpython3, which are standard macOS binaries. It uses a heredoc for the AppleScript and passes user-provided data as arguments (argv), which is the recommended method to prevent script injection. User strings are never interpolated directly into the executable script body. - [DATA_EXFILTRATION] (SAFE): No network operations or external data transmissions were detected. Calendar interactions are limited to the local macOS Calendar app. The skill includes a local logging mechanism that records actions to an append-only file, which is a standard audit practice.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials, API keys, or secrets were found in the scripts or documentation.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download or execute remote code. It relies entirely on pre-installed system tools. Input is strictly validated for types and ranges (e.g., hours 0-23, minutes 0-59) before processing.
Audit Metadata