agency-docs-updater
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates a sequence of complex tasks by executing local scripts and system binaries (e.g., `sync.sh`, `download_video.py`, `process_video.py`, `update_meeting_doc.py`, `git`, `gh`). These operations are directed to run without human confirmation.
- [PROMPT_INJECTION]: The script `update_meeting_doc.py` performs a translation task by interpolating the contents of a meeting summary directly into a command-line prompt for the `claude` CLI. This creates a surface for indirect prompt injection if the summary (derived from a Fathom transcript) contains malicious instructions.
  - Ingestion points: `summary_file` read in `update_meeting_doc.py` and interpolated into a CLI prompt.
  - Boundary markers: Absent; the content is placed directly into the prompt string.
  - Capability inventory: File writing, Git commits, and GitHub API interactions via `gh` CLI.
  - Sanitization: None; input content is used raw in the command construction.
- [EXTERNAL_DOWNLOADS]: The skill invokes a Python script to download video files from external Fathom URLs.
- [PROMPT_INJECTION]: The skill instructions explicitly bypass standard safety checks by directing the agent to 'execute ALL steps... automatically in sequence' and 'Do not stop to ask for confirmation', which removes human-in-the-loop safeguards for a complex multi-stage pipeline.
Audit Metadata