transcript-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The skill ingests untrusted text data from Zoom transcripts and processes it through multiple LLM stages (Refine, Synthesize, Enhance).
  - Ingestion points: Raw .txt transcript files are parsed by `scripts/ingest_zoom_captions.py`.
  - Boundary markers: The prompts use `[source: <segment_id>]` tags and structured Markdown/JSON blocks to delimit data, which provides provenance but not complete protection against adversarial instructions embedded in the lecture text.
  - Capability inventory: The agent can write various markdown and JSON artifacts to the local filesystem and is instructed to run local scripts.
  - Sanitization: No sanitization is performed to detect or neutralize malicious instructions within the transcript text.
- [EXTERNAL_DOWNLOADS] (LOW): The skill is designed to fetch external content from Google Colab, Notion, and Canva for educational enrichment. Per [TRUST-SCOPE-RULE], while this is the intended purpose of the skill, it represents a network access surface to non-whitelisted domains.
Audit Metadata