Meeting Digest Truth Extractor
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its core function of ingesting and analyzing untrusted external data (meeting transcripts).
- Ingestion points: The skill pulls meeting transcripts (via
transcript_id) and CRM records (get_deal,get_contact) into the agent's context for analysis. - Boundary markers:
SKILL.mddoes not define explicit boundary markers (such as XML tags or unique delimiters) to separate the untrusted transcript content from the system instructions, increasing the risk that instructions hidden within a transcript could be obeyed by the agent. - Capability inventory: The skill possesses significant capabilities, including the ability to read and potentially update CRM data (
crmcapability) and meeting records (meetingscapability). Maliciously crafted transcripts could attempt to influence how these records are interpreted or summarized. - Sanitization: While the skill includes instructions to 'Extract, structure, and attribute' rather than quoting raw chunks, it lacks formal sanitization or filtering to detect or ignore adversarial commands embedded in the transcript text.
Audit Metadata