meeting-context
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process meeting transcripts, which are untrusted external data sources.
- Ingestion points: Untrusted data enters the agent context via the `meeting_lookup` tool, specifically when `extract_transcript:"true"` is used.
- Boundary markers: Absent. The instructions do not provide delimiters or instructions for the agent to treat the retrieved meeting content as potentially adversarial data.
- Capability inventory: The agent is instructed to extract decisions, action items, and rationale. If an attacker injects instructions into a meeting transcript (e.g., via a calendar invite or shared document), the agent might follow those instructions, leading to fabricated decisions or unauthorized actions in downstream workflows.
- Sanitization: No sanitization, filtering, or validation of the meeting content is performed before the agent processes it for decision-making.
Recommendations
- AI detected serious security threats