Meeting Action Accountability
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for legitimate business automation, facilitating the tracking of commitments from meeting transcripts and CRM records. No malicious intent or security bypass attempts were identified.
- [DATA_EXFILTRATION]: While the skill requests access to sensitive calendar, CRM, and task data, these permissions are necessary for its primary functionality. The data is processed through internal API routes (e.g., /api/insights and /api/search) rather than being sent to untrusted external domains.
- [PROMPT_INJECTION]: The skill processes meeting transcripts and task descriptions which are considered untrusted data sources. This constitutes a surface for indirect prompt injection. Evidence: (1) Ingestion points: meeting transcripts and CRM task descriptions via list_tasks and /api/insights/ endpoints; (2) Boundary markers: Absent; (3) Capability inventory: calendar, crm, tasks access; (4) Sanitization: Absent. This risk is inherent to the skill's purpose and is not a sign of a malicious exploit within the skill itself.
Audit Metadata