gcalcli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads calendar event attachments (the attachments array with attachment_url linking to Google Drive/Google Docs and "Notes by Gemini") and its SKILL.md workflow shows commands that fetch/export those external notes (e.g., search pipelines and gcmd export), meaning the agent ingests and acts on untrusted, user-generated third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime commands explicitly fetch and install remote code from the custom fork via uvx (git+https://github.com/shanemcd/gcalcli@attachments-in-tsv-and-json), which will execute that repository's code when running gcalcli and is marked as a required dependency for attachment support.