fireflies-data-handling
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified during analysis. The skill implements privacy-focused functionality as described.
- [CREDENTIALS_UNSAFE]: The skill correctly manages credentials by using environment variables (process.env.FIREFLIES_API_KEY) for authentication, which is the recommended secure method for handling sensitive tokens in integrations.
- [EXTERNAL_DOWNLOADS]: The skill references the 'graphql-request' library, which is a standard and well-known Node.js package for GraphQL communication. It interacts with 'api.fireflies.ai', which is the official endpoint for the Fireflies.ai service.
- [DATA_EXFILTRATION]: Network operations are restricted to established service domains consistent with the skill's purpose. No unauthorized data transmission to unknown third-party domains was found.
- [PROMPT_INJECTION]: The skill is designed to process untrusted meeting transcript data. While this presents an indirect prompt injection surface, the skill includes explicit mitigation logic for PII redaction and contains no instructions that attempt to override agent safety constraints or reveal system prompts.
Audit Metadata