google-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
bash -cto executecurlcommands. This pattern is implemented to ensure environment variable persistence across command pipes in specific runtime environments. - [EXTERNAL_DOWNLOADS]: Communicates directly with official Google API endpoints at
https://www.googleapis.com/calendar/v3. These are well-known services, and the usage conforms to standard API practices. - [CREDENTIALS_UNSAFE]: Accesses a
GOOGLE_CALENDAR_TOKENenvironment variable. This secret is appropriately declared in thevm0_secretsmetadata block, enabling secure injection by the platform.
Audit Metadata