calendly-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): Requires installation of
requestsandpython-dotenvfrom PyPI. Both are industry-standard packages. - DATA_EXFILTRATION (LOW): Performs network requests to
api.calendly.com. This is necessary for the skill's functionality but involves communication with a non-whitelisted external domain. - PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8) as it processes data from the Calendly API without explicit sanitization or boundary markers shown in the examples. Evidence: Ingestion: API response data; Boundaries: Absent; Capabilities: Network access; Sanitization: Absent.
Audit Metadata