meeting-prep
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes unverified data from external sources during the research phase.
- Ingestion points: The skill fetches external data via the
company-intelandperson-lookuptools, specifically reading LinkedIn profiles, recent posts, and company news. - Boundary markers: No delimiters or instructions to 'ignore embedded instructions' are present in the 'Briefing Generation' or 'Assemble Briefing' steps to separate untrusted external data from the skill's logic.
- Capability inventory: The skill has read access to sensitive internal files like
memory/pipeline.jsonandMEMORY.md, and it can execute commands viaorth runfor calendar management. - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from LinkedIn or external web searches before it is interpolated into the briefing template.
Audit Metadata