meeting-prep
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill reads sensitive authentication tokens and client secrets from a designated credentials directory to facilitate API access.
  - Evidence: Accesses `credentials/github_token` using `cat`.
  - Evidence: Parses `credentials/calendar_tokens.json` and `credentials/client_secret.json` using `jq` to extract access tokens and OAuth credentials.
- [DATA_EXFILTRATION]: The skill performs network operations that involve sending local credentials to external service providers.
  - Evidence: Transmits authentication tokens to Google's API endpoints (`googleapis.com` and `oauth2.googleapis.com`) to manage calendar data.
  - Evidence: Transmits a personal access token to GitHub's API (`api.github.com`) to retrieve repository and commit information.
- [COMMAND_EXECUTION]: The skill incorporates shell-based automation to interact with the system environment and remote services.
  - Evidence: Employs `curl` for making network requests to third-party APIs.
  - Evidence: Uses `jq` for processing JSON-formatted configuration and API response data.
  - Evidence: Uses `date` and `cat` for timestamp management and local file reading.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external sources.
  - Ingestion points: The skill fetches commit messages from GitHub repositories and event titles/descriptions from Google Calendar via API calls.
  - Boundary markers: Absent. There are no delimiters or specific instructions to ensure the agent ignores malicious commands embedded in the retrieved content.
  - Capability inventory: The agent has the ability to perform network requests (`curl`) and read local files (`cat`).
  - Sanitization: Absent. The skill summarizes and formats external data directly into a final report without implementing filtering or escaping mechanisms.
Audit Metadata