gcalcli-calendar
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing shell commands through the `gcalcli` utility. It specifically utilizes the `--iamaexpert` flag to bypass interactive safety prompts during event deletion, as documented in `SKILL.md`.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). It reads untrusted data from external sources (Google Calendar event titles and descriptions) and possesses write capabilities (add/delete).
  - Ingestion points: Untrusted data enters the agent context via `gcalcli agenda` and `gcalcli search` outputs, as defined in `SKILL.md`.
  - Boundary markers: The instructions do not define boundary markers or delimiters to separate tool output from agent instructions.
  - Capability inventory: The skill has the capability to delete events (`gcalcli delete`) and create events (`gcalcli add` and `gcalcli import`).
  - Sanitization: There is no evidence of sanitization or filtering of the calendar data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill implements a policy that encourages the agent to skip user confirmation for destructive actions. `SKILL.md` explicitly states 'Unambiguous actions: execute immediately' for cancel, delete, and edit operations, which increases the impact of potential agent errors or malicious data ingestion.
Audit Metadata