m365-calendar
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The documentation identifies local paths for configuration and token storage (~/.m365calendar/token_cache.json). This is a standard requirement for the tool's function and does not involve unauthorized access.
- [Indirect Prompt Injection] (SAFE): The skill provides the ability to read external calendar data, which is an inherent risk factor for indirect prompt injection. 1. Ingestion points: Event details from 'm365cal show'. 2. Boundary markers: Not mentioned. 3. Capability inventory: 'm365cal create', 'm365cal update', and 'm365cal delete'. 4. Sanitization: Not specified in documentation.
Audit Metadata