Skills
skills/microboxlabs/modulariot/miot-calendar/Gen Agent Trust Hub

miot-calendar

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the miot CLI to perform operations, passing parameters such as calendar and resource IDs to shell commands. This is the intended primary functionality.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx @microboxlabs/miot-cli, which downloads and runs the vendor's own package from the npm registry at execution time. This is a legitimate vendor resource.\n- [PROMPT_INJECTION]: The skill processes data from the ModularIoT API (via CLI JSON output), which represents an indirect prompt injection surface.\n
  • Ingestion points: CLI response data in SKILL.md (e.g., list results, slot details).\n
  • Boundary markers: Absent; the instructions do not tell the agent to distinguish between its own logic and the data provided by the API.\n
  • Capability inventory: The skill can execute commands to create, modify, and delete calendars and bookings.\n
  • Sanitization: No data validation or sanitization is specified for the API output before it is summarized for the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 02:52 PM