calcom-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow explicitly runs the Cal.com CLI against a Cal.com/API instance (see MANDATORY PREFLIGHT and "Cal.com Commands" in SKILL.md, e.g. $CALCOM_CLI event-types list and $CALCOM_CLI bookings list -n 10 --json), ingesting booking/event data from an external Cal.com instance (user-generated/untrusted) which the agent parses and can drive follow-up actions like creating, updating, or cancelling bookings.