meeting-prep
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by aggregating data from untrusted external sources into a single brief. \n
- Ingestion points: Local files in
05-Areas/People/,04-Projects/, and00-Inbox/Meetings/, as well as remote content from Slack messages, Microsoft Teams chats, Gmail threads, and Notion pages. \n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the output format instructions. \n
- Capability inventory: The skill can read local files, call external MCP tools for searching third-party integrations, and write to
System/usage_log.md. \n - Sanitization: No evidence of sanitization, filtering, or validation of content retrieved from external integrations before it is presented to the user. \n- [DATA_EXFILTRATION]: The skill performs telemetry by calling a
track_eventfunction with metadata (attendees_count). It also accesses sensitive configuration files, includingSystem/user-profile.yaml(containing user profile data) andSystem/integrations/config.yaml(containing integration statuses). \n- [COMMAND_EXECUTION]: The skill utilizes Model Context Protocol (MCP) tools to interact with external services (Notion, Slack, Teams, Google Workspace) and perform semantic searches via QMD. While these are platform-provided tools, they represent the execution of logic against external data sets.
Audit Metadata