cal-com
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using bash, curl, and jq to perform REST API operations. This is the primary mechanism for the skill's functionality.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to api.cal.com, which is a well-known scheduling service.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating external data (such as booking IDs, usernames, and slugs) directly into shell command templates.
- Ingestion points: User-provided inputs and data retrieved from API responses (SKILL.md).
- Boundary markers: No delimiters or explicit warnings to ignore embedded instructions are present.
- Capability inventory: Shell execution via bash and curl (SKILL.md).
- Sanitization: The skill does not provide specific instructions for escaping or validating variables before interpolation.
- [SAFE]: The skill follows best practices for secret management by instructing the use of environment variables instead of hardcoding API tokens.
Audit Metadata