The Agent Skills Directory

[PROMPT_INJECTION]: The skill's description in the YAML frontmatter employs authoritative directives such as "CRITICAL", "MUST", and "override default calendar behavior". These markers are used to hijack the agent's default logic and enforce the use of this specific skill.
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by ingesting and acting upon untrusted data from external calendar events. * Ingestion points: The agent retrieves untrusted content from the summary, description, and attendee fields of calendar events via the calendar.listEvents and calendar.getEvent tools. * Boundary markers: There are no instructions provided to the agent to treat retrieved calendar data as potentially unsafe or to ignore embedded instructions within those fields. * Capability inventory: The skill has the ability to perform persistent changes and destructive actions, such as calendar.createEvent, calendar.updateEvent, calendar.deleteEvent, and calendar.respondToEvent. * Sanitization: The skill instructions lack any requirement for the agent to sanitize or validate data retrieved from external participants before processing it or displaying it to the user.

google-calendar