calendar-cli
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ability to ingest and process untrusted data from external sources like email (.eml) and calendar (.ics) files. An attacker could craft a malicious invite containing instructions that the agent might follow when it reads or lists the event.
- Ingestion points: The 'import' and 'reply' commands in EMAIL_INVITES.md ingest external files, while 'list' and 'search' in SKILL.md display their contents.
- Boundary markers: No explicit delimiters or instructions are used to tell the agent to ignore instructions embedded in the calendar data.
- Capability inventory: The agent has the ability to create, edit, and delete calendar entries and send emails via 'msmtp', which could be misused if an injection succeeds.
- Sanitization: There is no evidence of sanitization or content validation for the imported data.
- [COMMAND_EXECUTION]: The skill executes external command-line binaries 'calendar-cli' and 'msmtp' on the host system to perform calendar and email operations.
Audit Metadata