action-item-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill ingests potentially untrusted data from meeting summaries (provided by the meeting-transcript-notes skill) and manual user input.
- Boundary markers: The skill does not implement boundary markers or instructions to treat the extracted text as data only, lacking guards against instructions embedded within the tasks.
- Capability inventory: The skill possesses Read and Write capabilities on the local filesystem, specifically targeting ~/todos.md (SKILL.md).
- Sanitization: No explicit sanitization or validation of the input strings (Owner, Task, Source) is performed before they are interpolated into the file structure.
Audit Metadata