meeting-prep-cc

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-provided variables like participant name and company name directly into bash scripts for vault searching. This creates a risk of command injection if the input contains shell metacharacters (e.g., ;, $, |), allowing execution of unauthorized commands in the local environment.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the Obsidian vault and processes it to generate briefs, exposing the agent to indirect prompt injection.
      • Ingestion points: Vault content is read via grep and find commands in SKILL.md.
      • Boundary markers: No delimiters are used to separate ingested content from instructions.
      • Capability inventory: The agent can execute bash commands and write files to the local directory.
      • Sanitization: No filtering or validation is performed on the content retrieved from the vault.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 11:29 PM