pm-meeting-prep
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data that could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context from Teamwork messages (Step 2), Slack channel history (Step 3), Gmail threads (Step 4), and Fathom AI summaries (Step 5).
- Boundary markers: The instructions do not define boundary markers (such as XML tags or specific delimiters) or provide "ignore embedded instructions" warnings when processing the retrieved content.
- Capability inventory: The skill's primary capabilities are limited to information synthesis and text generation (briefings and agendas). It does not include tools for file modification, code execution, or outbound network requests to unverified domains.
- Sanitization: There is no explicit requirement for the agent to sanitize or validate the content retrieved from the external tools before incorporating it into the final briefing.
Audit Metadata