meeting-ingestion
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data (meeting transcripts) to perform write operations in a persistent storage system.
- Ingestion points: Meeting transcripts and notes are processed during 'Phase 1: Parse the transcript'.
- Boundary markers: The instructions lack specific delimiters or protective prompts to prevent the agent from executing instructions embedded within the transcript text.
- Capability inventory: The skill uses
put_page,add_link, andadd_timeline_entryto modify the user's 'brain' (knowledge base). - Sanitization: There is no evidence of sanitization or validation logic to filter out potentially malicious instructions or deceptive content within the transcripts before they are parsed and used to generate new pages or update existing ones.
Audit Metadata