activity-synthesis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (LOW/INFO): The skill is designed to process untrusted data from external sources (documents, emails, meeting notes) via retrieval tools like `search` and `user_activity`.
- Ingestion points: Data enters the agent context through the outputs of `user_activity`, `search`, and `meeting_lookup` tools.
- Boundary markers: No specific delimiters (e.g., XML tags or triple quotes) are prescribed in the instructions for isolating external content.
- Capability inventory: The skill is limited to read-only retrieval and synthesis operations. No file-write, remote execution, or network-exfiltration tools are present in the skill definition.
- Sanitization: The skill mitigates risks through explicit 'BE SKEPTICAL' instructions and significance/relevance tests that encourage the agent to filter out noise and automated content.
- Data Privacy (INFO): The skill accesses sensitive user information including personal roles, responsibilities, and activity logs. However, this access is consistent with its stated purpose of summarizing work activity for the user's own review.
- Dynamic Tool Naming (SAFE): The instructions describe a dynamic naming convention for Glean MCP tools (`mcp__glean_[server-name]__[tool]`). This is a structural instruction for tool discovery and does not constitute a dynamic code execution or path injection vulnerability.