calendar-event-manager
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute AppleScript commands constructed by inserting user-provided strings (such as EVENT_NAME, LOCATION, and NOTES) into templates. Without explicit instructions to escape or sanitize these strings, malicious input containing quotes or script terminators could be used to execute unauthorized AppleScript commands on the host system.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to process untrusted data from event invitations.
  1. Ingestion points: Event detail extraction in Template A (Invitations) and Template B (User Descriptions) in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill can execute system-level scripts via the Bash tool and osascript.
  4. Sanitization: No sanitization or validation logic is defined to protect against malicious content embedded in the ingested data.
Audit Metadata