fathom

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the 'fathom' command-line interface to perform all operations, including meeting discovery, retrieval of recordings, and searching meeting content.
  • [DATA_EXFILTRATION]: The skill provides capabilities to export meeting data in multiple formats and to create webhooks that send transcripts and summaries to external URLs, which is part of the intended functionality for the Fathom service.
  • [PROMPT_INJECTION]: The skill processes untrusted meeting transcripts and summaries, which creates a potential surface for indirect prompt injection from meeting participants.
      • Ingestion points: 'fathom recordings transcript' and 'fathom recordings summary' commands as defined in SKILL.md.
      • Boundary markers: No delimiters or explicit 'ignore instructions' markers are included in the prompt configuration.
      • Capability inventory: The skill has the ability to export data and create webhooks to transmit information to external destinations.
      • Sanitization: No sanitization or validation of the ingested recording content is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 11:13 PM