skills/glebis/claude-skills/fathom/Gen Agent Trust Hub

fathom

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection via meeting data.
      • Ingestion points: The skill fetches transcripts and AI summaries from the external Fathom API (api.fathom.ai) in fetch.py and utils.py.
      • Boundary markers: Ingested data is delimited by basic Markdown headers (e.g., '## Transcript'), which do not prevent the agent or sub-processes from interpreting embedded instructions as commands.
      • Capability inventory: The skill executes external processes (ffmpeg, ffprobe, npm, python3) using subprocess.run and writes files to the user's home directory.
      • Sanitization: Filenames are safely slugified in utils.py, but the actual transcript and summary content is not sanitized before being written to disk or passed to other tools.
  • [COMMAND_EXECUTION] (HIGH): Execution of external tools using API-provided data. In fetch.py and download_video.py, data from the Fathom API (URLs and file paths) is passed directly to subprocess calls for ffmpeg and npm. While the subprocess calls are structured as argument lists, this still relies on the integrity of the remote API response and the safety of the tools processing the input.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Ingestion of external meeting data and media. The skill retrieves transcripts and video streams from external servers, posing a risk if the data source or transit is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:45 AM