google-drive-meeting-transcriber
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute multiple bash commands (using
gws,jq,sed,grep, etc.) that incorporate variables derived from Google Drive folder and file names (e.g.,MEETING_FOLDER_NAME,FILE_NAME). If these names contain shell metacharacters, it could lead to unintended command execution if the agent's environment does not properly escape them. - [EXTERNAL_DOWNLOADS]: The skill instructions include the installation of the
@googleworkspace/clipackage from the npm registry. This is the official Google Workspace CLI and is considered a trusted source under security guidelines. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it reads and processes the full content of transcript files from Google Drive to generate meeting notes.
- Ingestion points: Meeting transcripts are exported from Drive and merged into a variable in
SKILL.md(Step 4e). - Boundary markers: The prompt interpolation logic in Step 4f does not utilize explicit delimiters or 'ignore' instructions to isolate the untrusted transcript content from the agent's instructions.
- Capability inventory: The skill has the capability to list Drive files, create new Google Docs, and update document content (Step 4g).
- Sanitization: There is no evidence of sanitization or filtering of the transcript text before it is sent to the LLM for processing.
Audit Metadata