outlook-calendar-automation
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server at
https://rube.app/mcp. This server provides the underlying tools for Outlook interaction. As this endpoint is not a well-known or trusted service provider, it represents a remote dependency on an unverified third-party platform that handles sensitive user data flow. - [PROMPT_INJECTION]: The skill processes untrusted external data through functions that list and search calendar events. This establishes a surface for indirect prompt injection where an attacker could embed malicious instructions in calendar event subjects, bodies, or attendee fields.
- Ingestion points: Untrusted data enters the agent context via
OUTLOOK_LIST_EVENTS,OUTLOOK_GET_EVENT, andOUTLOOK_GET_CALENDAR_VIEWtools described inSKILL.md. - Boundary markers: The instructions do not define delimiters or warnings to ignore instructions within the retrieved calendar data.
- Capability inventory: The skill possesses capabilities to modify calendar state, create events, and send email invitations via
OUTLOOK_CALENDAR_CREATE_EVENT,OUTLOOK_UPDATE_CALENDAR_EVENT, andOUTLOOK_DELETE_EVENTinSKILL.md. - Sanitization: There is no mention of sanitizing, escaping, or validating the content retrieved from the calendar before it is processed by the agent.
Audit Metadata