google-calendar
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted external data and has side-effect capabilities. 1. Ingestion points: Calendar event titles, descriptions, and attendees retrieved via 'gcal list' and 'gcal get'. 2. Boundary markers: Absent; there are no instructions or delimiters to prevent the agent from obeying instructions embedded in event data. 3. Capability inventory: The skill can create, update, and delete calendar entries ('gcal create', 'gcal update', 'gcal delete'), which can be abused if the agent is compromised. 4. Sanitization: No sanitization or validation of external content is performed.
- [COMMAND_EXECUTION] (LOW): The skill relies on the 'gcal' binary being present on the host system to execute calendar operations, which introduces a dependency on the host's environment security.
Recommendations
- AI detected serious security threats
Audit Metadata