calendar
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The setup instructions guide the user to install the clasp CLI tool from Google's official npm package registry to manage the Apps Script project.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes user-controlled calendar data such as event titles and descriptions.
  1. Ingestion points: Calendar event details including titles, descriptions, and locations are ingested via the Google Apps Script Web API (documented in references/calendar-api.gs).
  2. Boundary markers: The instructions do not define boundary markers or delimiters to separate calendar data from agent instructions.
  3. Capability inventory: The skill can read existing schedules, create new events, invite guests, and is designed to integrate with Zoom and WhatsApp for further actions.
  4. Sanitization: No sanitization or validation logic is present to filter malicious instructions within the retrieved calendar content.
Audit Metadata