calendar
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
NO_CODE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary function is to process untrusted external data (event titles and descriptions) while possessing write-level capabilities (event creation and meeting management).
  - Ingestion points: Data from Google, Apple, and Outlook calendar APIs.
  - Boundary markers: None specified in the documentation or instructions.
  - Capability inventory: Meeting scheduling, event creation, and sync operations using system binaries like `curl`.
  - Sanitization: No input validation or instruction-ignoring logic is present.
- Command Execution (LOW): Metadata specifies requirements for `curl` and `jq`. While standard for API interaction, their usage with external data requires strict parameter sanitization to prevent command injection.
- No Code (INFO): The provided skill contains only documentation and metadata; it lacks executable script files, making it an incomplete implementation or a documentation-only stub.
Recommendations
- AI detected serious security threats
Audit Metadata