meeting-transcript-notes
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted meeting transcripts.\n
- Ingestion points: The skill reads markdown-formatted meeting transcripts from the
~/meeting-notes/inbox/directory using theReadtool in Step 2.\n - Boundary markers: The skill instructions mention that the agent should only include information explicitly in the transcript, but it lacks formal delimiters or a strong 'ignore embedded instructions' directive to prevent the agent from obeying commands hidden within the transcript text.\n
- Capability inventory: The agent has access to
Read,Write,Glob, andGreptools. If a malicious instruction in a transcript is followed, it could lead to unauthorized file system access or manipulation.\n - Sanitization: No evidence of sanitization, filtering, or validation is present to ensure transcript content does not contain malicious prompt injections targeting the agent's logic.
Audit Metadata