fireflies

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements legitimate functionality for retrieving meeting notes and transcriptions as described. No obfuscation, persistence, or privilege escalation patterns were found.
  • [EXTERNAL_DOWNLOADS]: Communicates with the well-known api.fireflies.ai endpoint using the httpx Python library. It correctly requires a user-provided API key via environment variables.
  • [PROMPT_INJECTION]: The skill processes meeting transcripts from an external source, creating a surface for indirect prompt injection.
      * Ingestion points: Meeting transcript content and summaries are fetched from the Fireflies.ai API in the fireflies script.
      * Boundary markers: Absent; transcript data is included in responses without explicit boundary delimiters.
      * Capability inventory: Performs network requests to api.fireflies.ai (HTTPS POST).
      * Sanitization: No sanitization or safety-specific filtering is applied to the retrieved transcript text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 03:12 AM