apple-events
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes user-provided data from calendar and reminder entries.
- Ingestion points: Reminder and calendar event data (titles, notes, list names) are ingested via `event reminders list` and `event calendar list` commands (SKILL.md).
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt templates.
- Capability inventory: The agent can create, update, and delete reminders, calendar events, and lists, and perform network synchronization (SKILL.md).
- Sanitization: No sanitization or validation of the retrieved text data is described in the skill instructions.
- [DATA_EXFILTRATION]: The skill implements a synchronization feature that transmits reminder and calendar data to an external Cloudflare Worker backend.
- Evidence: The `event sync` command sends local data to the URL defined in the `EVENT_SYNC_API_URL` environment variable (SKILL.md, references/cloud-sync.md).
- Context: This behavior is the primary purpose of the 'Cloud Sync' feature. The setup instructions require the user to explicitly configure their own backend URL and API token, ensuring the user maintains control over the destination of their data.
Audit Metadata