macos-calendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The repo includes scripts/calendar/subscribe.applescript which fetches arbitrary webcal/http URLs into Calendar.app, and those externally sourced events are then read by the skill's scripts (e.g., scripts/event/get.applescript, list.applescript, search.applescript) and can influence searches, updates, or deletions—creating a clear path for untrusted public calendar data to affect agent behavior.