transcript-summarizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Susceptible to indirect prompt injection via untrusted transcript content. (1) Ingestion points: Reads from VTT, SRT, TXT, and DOCX files in the source directory and Google Doc content via MCP. (2) Boundary markers: Absent; the LLM system prompt does not use delimiters or instructions to ignore embedded commands in the transcript data. (3) Capability inventory: High; writes 'original.txt', 'readable.md', and 'summary.md' to disk and stores structured content in a Qdrant database. (4) Sanitization: Absent; preprocessing is limited to formatting (timestamp removal) and does not filter malicious NL instructions.
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes external dependencies including 'python-docx' and Google Workspace MCP. These are downgraded to LOW/INFO under [TRUST-SCOPE-RULE] as they represent standard integrations for the stated functionality.
Recommendations
- AI detected serious security threats
Audit Metadata