The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the execution of local scripts (scripts/auth.py and scripts/gcal.py) for authentication and all calendar operations.
[CREDENTIALS_UNSAFE]: The skill manages sensitive OAuth tokens and stores them in the system keyring. It claims that tokens are refreshed using a "Google cloud function," which is a non-standard description for OAuth2 refresh flows. Typical client libraries communicate directly with Google's OAuth endpoints; a custom cloud function could serve as a middleman for credential harvesting.
[DATA_EXFILTRATION]: The skill has access to sensitive calendar data, including meeting details, schedules, and attendee emails. The combination of sensitive data access and the non-standard authentication refresh mechanism creates a potential path for data or credential exfiltration.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from calendar events without safety boundaries. Ingestion points: Event summaries, descriptions, and attendee lists retrieved by scripts/gcal.py. Boundary markers: None identified in the skill instructions to separate data from instructions. Capability inventory: The skill has broad capabilities to create, update, and delete calendar events and invitations. Sanitization: No evidence of input validation or sanitization of the retrieved event content is mentioned.

google-calendar-automation