Skills
skills/sundial-org/awesome-openclaw-skills/apple-calendar/Gen Agent Trust Hub

apple-calendar

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes AppleScript via osascript. It safely passes data as arguments to the run handler, which prevents script injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Ingestion points: Untrusted data is read from event summaries and descriptions in scripts/cal-events.sh, scripts/cal-read.sh, and scripts/cal-search.sh. Boundary markers: There are no delimiters or specific instructions to isolate calendar data from the agent's prompt context. Capability inventory: The skill has the ability to create, update, and delete calendar events. Sanitization: No sanitization or filtering is performed on the retrieved calendar data.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 11:28 PM