calendar-event-manager

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute AppleScript via osascript. It dynamically constructs these scripts by interpolating data from event invitations and user descriptions. Because there is no mention of escaping or sanitizing these inputs, a malicious payload (e.g., in an event's notes) could terminate a string literal and execute unauthorized AppleScript commands on the host system.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface in Template A by processing data from untrusted external invitations.
    • Ingestion points: External event details extracted during Template A's execution in SKILL.md.
    • Boundary markers: Absent; the instructions do not specify delimiters or warnings for the agent to ignore instructions found within invitation data.
    • Capability inventory: Includes the Bash tool (for system automation via osascript), Read, and AskUserQuestion tools.
    • Sanitization: No validation, filtering, or escaping logic is defined for the external content before it is used to drive agent actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 09:51 AM