meeting-notes

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): Surface for Indirect Prompt Injection detected. The skill ingests raw meeting notes and interpolates them directly into a prompt template without boundary markers or instructions for the LLM to ignore potentially malicious embedded content.
    • Ingestion points: run.py accepts notes string or reads content from a file path.
    • Boundary markers: Absent. The format_prompt in run.py concatenates instructions directly with raw input.
    • Capability inventory: File reading via pathlib.Path.read_text.
    • Sanitization: None.
  • DATA_EXFILTRATION (LOW): Unrestricted file access. The collect function in run.py reads content from any user-provided file_path. This capability could be exploited to expose sensitive local files if an attacker provides a path like /etc/passwd or ~/.ssh/id_rsa via indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM