process-meeting-notes
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of meeting transcripts and external notes. An attacker could embed malicious instructions in a meeting transcript to manipulate the agent. * Ingestion points: Fireflies transcripts and user-provided URLs in 'workflows/create-issues-from-notes.md'. * Boundary markers: Absent; meeting content is processed without explicit delimiters or warnings. * Capability inventory: Shell execution via 'gh' CLI in 'workflows/process-recent-meeting.md' and file-write operations in 'workflows/generate-l10-summary.md'. * Sanitization: None; extracted data is used directly in issue creation prompts and commands.
- [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using data extracted from meeting transcripts. * Evidence: In 'workflows/process-recent-meeting.md' and 'workflows/create-issues-from-notes.md', the agent uses 'gh issue create' with titles and labels sourced from meeting notes. * Risk: Malicious input in the transcript could contain shell metacharacters aimed at command injection if the agent executes the string literally.
- [EXTERNAL_DOWNLOADS]: The skill provides an option to fetch meeting notes from a user-supplied URL. * Evidence: Step 1 in 'workflows/create-issues-from-notes.md' allows providing a URL to fetch content, which acts as an unvalidated entry point for external data.
Audit Metadata