cal-com
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill facilitates interaction with the official Cal.com API (api.cal.com), which is a well-known service for scheduling.
- [SAFE]: Uses environment variables (CALCOM_TOKEN) for API authentication, following best practices for credential management.
- [COMMAND_EXECUTION]: Utilizes curl and jq to perform and process API requests, which are appropriate and expected tools for this skill.
- [SAFE]: Employs temporary file storage in /tmp/calcom_request.json for data transmission, which is a standard procedure.
- [SAFE]: Potential for indirect prompt injection via data ingested from the Cal.com API.
- Ingestion points: API responses from api.cal.com (SKILL.md).
- Boundary markers: None.
- Capability inventory: Shell command execution (curl, jq) and file writing (/tmp).
- Sanitization: Uses jq to parse structured data but does not sanitize natural language content.
Audit Metadata