google-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from the user's Google Calendar.
- Ingestion points: The
scripts/gcal.pyscript retrieves and displays thesummary,description, andlocationfields from calendar events across several functions (cmd_events,cmd_week, andcmd_json). - Boundary markers: The script outputs event data in a plain text bulleted list or JSON format without using specific delimiters or protective instructions that would warn the AI to treat the event content as data rather than instructions.
- Capability inventory: This skill operates within a shell environment where the agent can execute commands and access local files, creating an exploitable surface if an event contains 'jailbreak' style instructions.
- Sanitization: There is no filtering or sanitization of the retrieved event content before it is passed into the agent's context.
Audit Metadata