google-calendar
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified. The skill performs its stated function of calendar management using standard authentication and tooling.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'orth' CLI and uses the orthogonal.com platform for OAuth authentication. These are legitimate requirements for the service provided.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves calendar data which can contain instructions from external sources, creating a potential attack surface.
- Ingestion points: Event summaries and descriptions retrieved through '/list-events' and '/find-event' actions in SKILL.md.
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in retrieved data.
- Capability inventory: The agent has the ability to create and delete calendar events based on processed data.
- Sanitization: No explicit content filtering or validation of the retrieved calendar content is described.
Audit Metadata