Skills
skills/niracler/skill/schedule-manager/Gen Agent Trust Hub

schedule-manager

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The dependency check script provides a command to install Homebrew from its official GitHub repository. This is a well-known and trusted service for macOS package management.
  • [COMMAND_EXECUTION]: The skill uses osascript and reminders-cli to perform its core functions of reading and writing to the macOS Calendar and Reminders databases. These commands are necessary for the skill's purpose and do not require root privileges.
  • [DATA_EXPOSURE]: The skill reads planning data from local YAML files located in ~/code/*/planning/schedules/. This access is localized and serves the specific purpose of aggregating project schedules for weekly reviews.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted planning data from local YAML files, which represents an indirect prompt injection surface.
  • Ingestion points: Local YAML files at ~/code/*/planning/schedules/*.yaml.
  • Boundary markers: Absent; instructions do not specify delimiters for parsed data.
  • Capability inventory: Full read/write/delete access to Calendar and Reminders via osascript and reminders-cli.
  • Sanitization: No explicit validation or sanitization of the YAML content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 12:48 PM