Skills
skills/jackchuka/skills/gws-meeting-scheduler/Gen Agent Trust Hub

gws-meeting-scheduler

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gws command-line interface to interact with Google Calendar. It executes commands to list events, query free/busy status, and insert new calendar entries. These actions are consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external data from calendar events (such as attendee names and event titles) retrieved via the gws CLI.
  • Ingestion points: Untrusted data enters the context in Step 1 and Step 2 when listing past events and attendee emails from the calendar.
  • Boundary markers: None are used to separate user instructions from external data.
  • Capability inventory: The skill has the capability to write to the calendar (gws calendar +insert).
  • Sanitization: No explicit sanitization or validation of the retrieved calendar data is mentioned before it is processed or presented to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:33 PM
Security Audit — agent-trust-hub — gws-meeting-scheduler