Skills
skills/membranedev/application-skills/easycalendar/Gen Agent Trust Hub

easycalendar

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the @membranehq/cli package from the npm registry, which is a vendor-owned tool used to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: Utilizes shell commands through the membrane CLI to perform lifecycle operations such as logging in, connecting to the EasyCalendar service, and executing automated actions.
  • [PROMPT_INJECTION]: The skill ingests natural language input to search for or create actions, creating an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters via the --intent and action description arguments in shell commands within SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: The skill can perform data read and write operations on EasyCalendar through the authenticated membrane tool.
  • Sanitization: Absent in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:28 PM