booking-config
Fail
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill fetches a Cal.com API key and passes it as a query parameter in a curl request (
apiKey=$CALCOM_API_KEY), exposing the secret to system logs, browser history, and network proxies. - [COMMAND_EXECUTION]: The skill runs a local CLI binary (
calcom) and the 1Password CLI (op) for secret retrieval, which involve direct shell execution of binary files. - [PROMPT_INJECTION]: The 'Self-Evolving' feature instructs the agent to modify the skill's own instructions based on runtime results. This creates a surface for indirect prompt injection where malicious external data from the Cal.com API could trick the agent into inserting dangerous logic into the SKILL.md file.
- [REMOTE_CODE_EXECUTION]: The practice of piping remote API responses to an interpreter (e.g.,
curl ... | python3 -m json.tool) is flagged by security scanners as a high-risk pattern for code execution if the response data were ever interpreted as code. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.cal.comto manage webhooks and event types.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.cal.com/v1/webhooks?apiKey=$CALCOM_API_KEY - DO NOT USE without thorough review
Audit Metadata