caldav-calendar
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes shell commands (khal, vdirsyncer) with interpolated arguments, creating a risk of command injection if the agent does not sanitize user-provided search terms or event titles.
- CREDENTIALS_UNSAFE (LOW): Documentation suggests storing passwords in local plain-text files (e.g., ~/.config/vdirsyncer/icloud_password). While typical for these tools, it increases exposure risk.
- EXTERNAL_DOWNLOADS (LOW): The skill installs system packages (vdirsyncer, khal) via the apt package manager, which requires elevated privileges.
- PROMPT_INJECTION (LOW): The skill processes untrusted calendar data. An attacker could embed instructions in events to influence the agent. Ingestion points: khal output. Boundary markers: Absent. Capability inventory: Shell command execution. Sanitization: Absent.