wiki-meeting-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest untrusted data in the form of meeting transcripts from various external sources (pasted text, files, or Granola MCP tools). This data is then used to create or modify multiple markdown files across the repository, including meeting notes, person profiles, and feature specifications. If a transcript contains malicious instructions designed to override agent behavior, the agent might execute them while performing these file operations.
  • Ingestion points: Untrusted transcript data enters the context in Step 1 of SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or provide the agent with 'ignore instructions' warnings when processing the transcript body.
  • Capability inventory: The skill utilizes significant capabilities, including reading directory structures, reading existing documentation, and writing/updating files across multiple directories (SKILL.md Steps 4 through 7).
  • Sanitization: While references/transcript-format.md provides rules for 'cleaning' transcripts, these are focused on removing conversational filler (small talk, greetings) rather than identifying or sanitizing potential command injection strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 02:18 AM
Security Audit — agent-trust-hub — wiki-meeting-ingest