google-calendar-mcp

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the package '@cocal/google-calendar-mcp' from an unverified npm source.
  • [COMMAND_EXECUTION] (MEDIUM): The 'claude mcp add' command executes unverified code via 'npx' which is granted access to the local environment and sensitive authentication tokens.
  • [DATA_EXFILTRATION] (MEDIUM): The skill manages sensitive files 'gcp-oauth.keys.json' and 'token.json' which contain full access credentials. A suspicious hardcoded path referencing a specific user ('salmanferoz') is present in the Windows setup instructions.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability. 1. Ingestion points: Data from Google Calendar (event titles, descriptions) ingested via 'list-events'. 2. Boundary markers: Absent; the agent is not instructed to ignore instructions within calendar data. 3. Capability inventory: 'create-event', 'delete-event', 'update-event', 'manage-accounts'. 4. Sanitization: Absent; no filtering of external content is specified.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:34 PM