fathom
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes meeting transcripts and summaries which are external, potentially untrusted sources of data. This creates a surface for Indirect Prompt Injection if the meeting content contains malicious instructions intended to manipulate the AI agent.
  - Ingestion points: `scripts/get-transcript.sh` and `scripts/get-summary.sh` fetch meeting content from the Fathom API.
  - Boundary markers: Absent. The scripts output the raw transcript and summary text directly to stdout without using delimiters or safety instructions to separate the data from agent instructions.
  - Capability inventory: The skill has the ability to execute shell commands (`curl`, `jq`), access the network (`api.fathom.ai`), and read local configuration files (`~/.fathom_api_key`).
  - Sanitization: Absent. The meeting content is extracted via `jq` and printed directly without filtering or escaping.
- [COMMAND_EXECUTION]: Shell scripts in the `scripts/` directory construct API requests and payloads using string interpolation of variables that are not strictly validated.
  - Evidence: In `scripts/setup-webhook.sh`, the `$WEBHOOK_URL` variable is inserted into a JSON payload string. If the input contains escaped double-quotes or control characters, it could be used to manipulate the JSON structure sent to the API.
  - Evidence: In `scripts/list-calls.sh` and `scripts/search-calls.sh`, query parameters like `$LIMIT` and `$CURSOR` are appended directly to the URL string. While used within `curl` calls, a lack of URL-encoding or character validation could lead to unexpected behavior if special characters are provided as input.
Audit Metadata