booking-notify
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' instructions that direct the agent to modify the
SKILL.mdfile itself to fix errors or update parameters based on its experience. While intended for maintenance, this represents a pattern of self-modifying instructions. - [CREDENTIALS_UNSAFE]: The documentation provides instructions for using the 1Password CLI (
op) to retrieve sensitive API tokens. Some examples use the--revealflag, which outputs credentials in plain text to the terminal, where they may be captured in session logs. - [COMMAND_EXECUTION]: The skill executes various shell commands to verify the environment, build a local binary using
bun, and deploy services to Google Cloud Run using thegcloudCLI. - [EXTERNAL_DOWNLOADS]: The setup process includes
bun install, which downloads external Node.js packages from the standard npm registry to build the Cal.com CLI tool. - [DATA_EXFILTRATION]: The skill is designed to send booking data and notifications to external APIs, including Telegram, Pushover, and Cal.com. These network operations are necessary for the skill's stated purpose of providing notifications.
Audit Metadata