Coaching Analysis
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from meeting transcripts without sufficient defensive boundaries. \n
- Ingestion points: The skill reads external content through the
transcriptinput and themeetingscapability, which are controlled by third parties. \n - Boundary markers: The instructions lack specific delimiters (e.g., XML tags or triple quotes) or explicit commands to the agent to ignore any potential instructions or code found within the transcript text. \n
- Capability inventory: The agent has read access to
crmandmeetingsdata and outputs coaching reports, but it does not have high-risk capabilities like writing to the filesystem or executing shell commands. \n - Sanitization: No sanitization or validation of the transcript content is mentioned in the skill definition. \n- [NO_CODE]: The skill consists entirely of markdown documentation and logic; it does not include any executable scripts (.py, .js, .sh), which significantly reduces its attack surface.
Audit Metadata