google-calendar
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill code performs transparent API operations and token management. No obfuscation or malicious logic was detected across the provided Python scripts.\n- [DATA_EXFILTRATION]: All network requests are directed to official Google domains (googleapis.com and oauth2.googleapis.com). No sensitive data is transmitted to unauthorized external servers.\n- [EXTERNAL_DOWNLOADS]: Documentation references official Google API client libraries, which are trusted dependencies.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external event data.\n
- Ingestion points: Event details are fetched in scripts/google_calendar.py via the list_events function.\n
- Boundary markers: No delimiters or safety instructions are used to wrap the ingested API data.\n
- Capability inventory: The skill can read and modify Google Calendar data via HTTPS requests and store tokens in a local configuration file.\n
- Sanitization: API responses are returned as raw JSON without content filtering or sanitization.
Audit Metadata