google-calendar
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official
@membranehq/clipackage from the NPM registry to enable interaction with the Membrane service. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform authenticated operations, search for connectors, and execute pre-defined integration actions. - [DATA_EXFILTRATION]: The skill includes a proxy request feature allowing the agent to communicate with the Google Calendar API. This is used for standard service integration and authenticated via the Membrane platform.
- [PROMPT_INJECTION]: The skill processes external data from Google Calendar, which presents an inherent surface for indirect prompt injection.
- Ingestion points: Event descriptions, titles, and calendar metadata retrieved via actions like
list-eventsandget-eventin SKILL.md. - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: The skill can create, update, or delete calendar events and perform arbitrary API requests via
membrane requestin SKILL.md. - Sanitization: No specific sanitization or validation steps are outlined for data retrieved from the API.
Audit Metadata