cal-com

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly calls Cal.com API endpoints (e.g., https://api.cal.com/v2/event-types, /bookings, /slots/available) and parses fields like event descriptions, attendees, and status returned from the public Cal.com API—these are untrusted, potentially user-generated values that the agent reads and uses to decide booking/rescheduling/cancellation actions.