NYC

google-calendar

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • NO_CODE (LOW): The core implementation scripts (scripts/auth.py and scripts/gcal.py) referenced in the documentation are missing, which limits the ability to verify security practices regarding token handling and input validation.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Untrusted data enters via calendar event listings and details.
      2. Boundary markers: Documentation does not indicate use of delimiters to isolate event content from system instructions.
      3. Capability inventory: The skill allows for event creation, modification, and deletion based on AI instructions.
      4. Sanitization: There is no description of sanitization for ingested event metadata like titles or descriptions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 04:01 PM