fathom
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests user-generated meeting data (transcripts, summaries, action items, participant info) from the Fathom API (BASE_URL https://api.fathom.ai/external/v1, via scripts/utils.py and scripts/fetch.py) and also downloads videos from meeting share_url, so the agent will read and process untrusted third-party content.
Audit Metadata