Skills
skills/mcoquet/mac-calendar-ekctl/ekctl/Gen Agent Trust Hub

ekctl

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from calendar events and reminders which can contain malicious instructions. * Ingestion points: The ekctl list events and ekctl list reminders commands in SKILL.md ingest external text into the agent context. * Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions within the event data. * Capability inventory: The skill provides high-impact write capabilities including ekctl delete event, ekctl delete reminder, and ekctl complete reminder. * Sanitization: Absent. There is no validation of the content retrieved from the calendar before it is processed by the agent.
  • [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of ekctl from a third-party GitHub repository (schappim/ekctl) that is not in the trusted source list. This binary-level dependency has not been verified for security.
  • [Command Execution] (LOW): The skill executes multiple shell commands to interact with the macOS EventKit framework. While the operations are consistent with the stated purpose, the agent is granted significant control over personal organizational data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:34 AM