Gen Agent Trust Hub audit: skills/dotnetage/mindx/calendar

Skill: calendar

Verdict: Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script calendar_cli.sh is vulnerable to AppleScript injection. The parameters start_date and end_date are parsed from user-controllable JSON input and directly interpolated into a command string passed to osascript -e. An attacker could provide a crafted date string (e.g., using quotes and AppleScript commands) to break out of the intended logic and execute arbitrary AppleScript. Because AppleScript can execute shell commands via the do shell script command, this allows for full command execution on the host system.
  • [DATA_EXFILTRATION]: The injection vulnerability in the osascript command allows for unauthorized access to sensitive system data. Beyond accessing all calendar events regardless of the intended date range, an attacker could use do shell script to read local files (such as SSH keys or environment variables) and exfiltrate them via network requests.
  • [COMMAND_EXECUTION]: The script uses shell variables inside a string executed by osascript without any validation or sanitization. Specifically, in calendar_cli.sh: EVENTS=$(osascript -e "... (date \"$START_DATE\") ..."). If $START_DATE contains ") or (do shell script "curl ...") or (date ", it will trigger unintended code execution.
  • [DATA_EXFILTRATION]: The skill facilitates the ingestion of data from the macOS Calendar application into the agent's context. This represents an attack surface for indirect prompt injection if the agent processes malicious instructions embedded in calendar event summaries.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 10:47 AM