automating-calendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill exposes the agent to untrusted third‑party content because the PyXA API includes subscribe_to(url) (e.g., subscribe_to("https://example.com/calendar.ics")) and the provided scripts enumerate and read event.summary(), description(), location(), and attachments from calendars — which may include user‑provided or publicly subscribed calendar feeds — so the agent will ingest and act on arbitrary external calendar data.