google-calendar-automation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server endpoint (https://rube.app/mcp) to access the calendar tools. This directs agent capabilities through a third-party infrastructure not listed among trusted vendors.- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface identified.
- Ingestion points: Calendar event summaries, descriptions, and attendee emails are retrieved via GOOGLECALENDAR_FIND_EVENT and GOOGLECALENDAR_EVENTS_LIST in SKILL.md.
- Boundary markers: No delimiters or instructions are present to prevent the agent from obeying commands embedded within calendar entries.
- Capability inventory: The skill possesses capabilities to create, update, and delete events, as well as manage attendees via GOOGLECALENDAR_CREATE_EVENT, GOOGLECALENDAR_PATCH_EVENT, and GOOGLECALENDAR_DELETE_EVENT.
- Sanitization: The skill lacks validation or sanitization mechanisms for content fetched from external calendar sources.
Audit Metadata