google-calendar

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified. The skill performs its stated function of calendar management using standard authentication and tooling.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'orth' CLI and uses the orthogonal.com platform for OAuth authentication. These are legitimate requirements for the service provided.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves calendar data which can contain instructions from external sources, creating a potential attack surface.
  • Ingestion points: Event summaries and descriptions retrieved through '/list-events' and '/find-event' actions in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in retrieved data.
  • Capability inventory: The agent has the ability to create and delete calendar events based on processed data.
  • Sanitization: No explicit content filtering or validation of the retrieved calendar content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:55 AM
Security Audit — agent-trust-hub — google-calendar