skills/yjwong/lark-cli/calendar/Gen Agent Trust Hub

calendar

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the lark CLI binary and the system date utility to perform its functions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from calendar events into the agent's context.
      • Ingestion points: Calendar event summaries, descriptions, and attendee lists are retrieved using lark cal list, lark cal show, and lark cal search (SKILL.md).
      • Boundary markers: The skill does not provide any boundary markers or instructions for the agent to ignore potentially malicious content within calendar events.
      • Capability inventory: The agent has the capability to execute shell commands using the lark CLI, which includes creating, updating, or deleting calendar data based on its instructions.
      • Sanitization: No sanitization or validation of external calendar data is performed before the agent processes the information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 03:19 AM