calendar
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the local binary /usr/local/bin/ical-query to perform calendar operations. This is done using array-based arguments which prevents shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill includes instructions to the model to maintain privacy by only reporting free/busy times. These are safety constraints rather than malicious overrides.
- [DATA_EXFILTRATION]: No network access is requested or used. The handler explicitly strips event details (titles, locations, notes) from the calendar tool's output, ensuring sensitive information is not exposed to the language model.
Audit Metadata