google-calendar

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill utilizes well-known and official Google API libraries (google-api-python-client, google-auth, google-auth-oauthlib) for its core functionality and follows standard development practices for Google API integration.
  • [DATA_EXFILTRATION]: The skill manages sensitive data, specifically OAuth2 client secrets and tokens. It stores these in a local directory (~/.nanobot/workspace/) and provides clear instructions to the user to exclude these files from public repositories. This is considered standard credential management for desktop-style OAuth2 applications.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves untrusted data from an external service.
      • Ingestion points: The list command in scripts/oauth_cli.py fetches event summaries and descriptions from the Google Calendar API.
      • Boundary markers: None; the script outputs raw JSON objects representing the calendar events.
      • Capability inventory: The skill has the capability to write local files (token.json) and perform network operations to create or modify calendar events via the create command.
      • Sanitization: There is no sanitization or escaping of the content retrieved from the calendar before it is presented to the agent.
  • [COMMAND_EXECUTION]: The provided Python script uses argparse for handling user input. This input is then used to populate parameters for the Google API client library calls, which is a safe pattern that avoids direct shell command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:52 AM