afrexai-email-to-calendar
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external, untrusted content from emails.
  - Ingestion points: Untrusted data enters the context via forwarded emails, inbox scans, or user-pasted text as described in `SKILL.md`.
  - Boundary markers: The instructions lack explicit delimiters (like XML tags or block markers) to separate the agent's instructions from the untrusted email content.
  - Capability inventory: The skill has the capability to execute shell commands via `osascript` and the `gog` utility.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the email content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute specific shell commands to interact with calendar applications.
  - Evidence: `SKILL.md` Section 4 provides shell commands for `gog calendar create` and `osascript` to interface with system calendars.
Audit Metadata