calendar

SUSPICIOUS: the calendar capability is broadly aligned with the stated purpose, but the skill routes tokens and calendar data to an unspecified $URL instead of clearly identifying an official Google Apps Script endpoint. The main concern is unverifiable data flow and weak credential handling via query parameters; visible install behavior is otherwise limited and not overtly malicious.