Skills
skills/membranedev/application-skills/calcom/Gen Agent Trust Hub

calcom

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill manages Cal.com authentication through the Membrane platform's backend. This design prevents sensitive credentials from being exposed to the AI agent or stored in the local environment, adhering to the principle of least privilege.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli global package from NPM. This is a legitimate utility provided by the vendor (Membrane) to facilitate the integration and does not originate from an untrusted source.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to execute actions and make proxy requests to the Cal.com API. These commands are part of the intended functionality for interacting with the service through the vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data retrieved from the Cal.com API.
  • Ingestion points: Data enters the context from Cal.com via actions like list-bookings, list-users, and get-event-type (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat this external data as untrusted.
  • Capability inventory: The agent can execute shell commands via the membrane CLI and perform network requests using the membrane request proxy (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the ingested API data is defined in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 01:07 AM