gws-calendar
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill interacts with untrusted external content from the Google Calendar API, creating an indirect prompt injection surface.
- Ingestion points: Data retrieved from 'events.list', 'events.get', and 'settings.list' in SKILL.md.
- Boundary markers: The instructions lack specific delimiters or isolation markers to separate external data from agent commands.
- Capability inventory: The skill possesses significant capabilities, including the ability to delete events, clear calendars, and modify access control lists (ACLs).
- Sanitization: No explicit sanitization or validation of the API-sourced content is described in the skill definition.
Audit Metadata