meeting-prep
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted data from external sources without explicit boundary markers or sanitization.
- Ingestion points: The skill reads external data from Gmail message threads (
gmail_read_thread) and Granola meeting transcripts (get_meetings). - Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between its primary instructions and potential instructions embedded within the emails or meeting notes.
- Capability inventory: The agent has the capability to write to the local filesystem, including updating
context.mdfiles and modifying the.envfile. - Sanitization: There is no evidence of filtering or validation for the content retrieved from external integrations before it is used to generate talking points or stored locally.
- [DATA_EXFILTRATION]: The skill accesses and modifies the
.envfile, which is identified as a sensitive file path. - Evidence: The skill is instructed to read from and persist the
EXTRUCT_GROWTH_SIGNAL_TABLE_IDdirectly into the.envfile to maintain state across sessions. - [DATA_EXFILTRATION]: The skill transmits company information to an external endpoint for data enrichment.
- Evidence: Company domains are sent to the Extruct MCP server at
https://api.extruct.ai/mcpto perform automated research and population of the Growth Signal table.
Audit Metadata