Skills
skills/jdrhyne/agent-skills/gong/Gen Agent Trust Hub

gong

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a local file at ~/.config/gong/credentials.json to retrieve Gong API credentials (access_key, secret_key, and base_url). This is the primary mechanism for authenticating requests to the Gong service.
  • [PROMPT_INJECTION]: The skill retrieves call transcripts and meeting content, which represents untrusted external data.
  • Ingestion points: The transcript and call commands in scripts/gong.sh fetch raw text from the Gong API.
  • Boundary markers: There are no markers or instructions provided to the agent to distinguish between the fetched transcript text and system instructions.
  • Capability inventory: The script uses curl for network requests and jq for parsing JSON data.
  • Sanitization: The skill does not perform sanitization or filtering on the retrieved transcript content before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 05:19 PM