booking-notify

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' instructions that direct the agent to modify the SKILL.md file itself to fix errors or update parameters based on its experience. While intended for maintenance, this represents a pattern of self-modifying instructions.
  • [CREDENTIALS_UNSAFE]: The documentation provides instructions for using the 1Password CLI (op) to retrieve sensitive API tokens. Some examples use the --reveal flag, which outputs credentials in plain text to the terminal, where they may be captured in session logs.
  • [COMMAND_EXECUTION]: The skill executes various shell commands to verify the environment, build a local binary using bun, and deploy services to Google Cloud Run using the gcloud CLI.
  • [EXTERNAL_DOWNLOADS]: The setup process includes bun install, which downloads external Node.js packages from the standard npm registry to build the Cal.com CLI tool.
  • [DATA_EXFILTRATION]: The skill is designed to send booking data and notifications to external APIs, including Telegram, Pushover, and Cal.com. These network operations are necessary for the skill's stated purpose of providing notifications.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 06:03 AM
Security Audit — agent-trust-hub — booking-notify