macos-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
osascriptbinary to execute AppleScript code, facilitating interaction with the macOS Calendar application.\n- [DATA_EXFILTRATION]: Reads sensitive information from the user's calendars, including event summaries, detailed descriptions, locations, and attendee contact info (names and emails).\n- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as it processes untrusted content from calendar events.\n - Ingestion points: Event metadata (summary, description, location) read in
scripts/event/get.applescriptandscripts/event/list.applescript.\n - Boundary markers: Absent; there are no delimiters used to isolate event data from instructions provided to the agent.\n
- Capability inventory: Capabilities include event deletion (
delete.applescript), event modification (update.applescript), and processing external URLs for calendar subscriptions (subscribe.applescript).\n - Sanitization: No input sanitization or filtering is performed on the data retrieved from Calendar.app.
Audit Metadata