Skills
skills/mic92/mics-skills/calendar-cli/Snyk

calendar-cli

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The EMAIL_INVITES.md workflow explicitly accepts and parses incoming calendar emails and .ics files from external senders (e.g., "cat email.eml | calendar-cli import"), so untrusted third‑party content is read and can drive creating/updating events and sending RSVP responses.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 12:48 AM
Issues
1