caldav
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from external CalDAV servers and imported ICS files. Ingestion points were found in scripts/events.py, scripts/todos.py, and scripts/calendars.py, where fields such as event summaries, descriptions, and locations are read. The skill does not implement boundary markers or sanitization for these strings, which could allow a malicious calendar entry to influence the agent's behavior.
- [COMMAND_EXECUTION]: The scripts/radicale.py script uses the subprocess module to execute system commands including systemctl status, pgrep, and htpasswd. While these calls are implemented using argument lists (avoiding shell injection), they provide the agent with the capability to monitor and manage local system services and user credentials.
Audit Metadata