process-meetings
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from meeting notes synced from an external application (Granola) to update person/company pages and create tasks. This creates a surface for indirect prompt injection where malicious instructions embedded in meeting transcripts could influence agent actions during the processing phase.
  - Ingestion points: Meeting files located in `00-Inbox/Meetings/*.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when reading meeting content.
  - Capability inventory: Writing files to `05-Areas/People/` and `05-Areas/Companies/`, executing script hooks (`.Codex/hooks/post-meeting-person-update.cjs`, `.Codex/hooks/meeting-summary-generator.cjs`), and creating tasks via the Work MCP.
  - Sanitization: No evidence of sanitization or validation of the meeting content before interpolation into file updates or task creation.
- [COMMAND_EXECUTION]: The skill executes local shell scripts and JavaScript hooks to perform its tasks. These commands are triggered by skill hooks and during manual setup.
  - Evidence: Use of `node .Codex/hooks/post-meeting-person-update.cjs` in the `PostToolUse` hook, `node .Codex/hooks/meeting-summary-generator.cjs` in the `Stop` hook, and `./install-automation.sh` for initial setup.
- [PERSISTENCE]: The skill installs background automation to sync meetings every 30 minutes, which likely involves setting up a cron job or similar persistent system process.
  - Evidence: Description of background sync running every 30 minutes and the presence of an installation script in `.scripts/meeting-intel/install-automation.sh`.
Audit Metadata