skills/kv0906/pm-kit/meet/Gen Agent Trust Hub

meet

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell command substitution (!date, !ls) to provide the agent with current time and a list of recent meeting files at load time. These commands are limited to non-sensitive system information and local directory listing, which is consistent with the skill's purpose.
  • [PROMPT_INJECTION]: The skill processes untrusted meeting notes provided by the user. While this creates a surface for indirect prompt injection, it is intrinsic to the skill's functionality. The behavior is limited to structured extraction and local file creation.
  • Ingestion points: The skill accepts user-provided $ARGUMENTS and pasted raw notes as input.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the notes as data rather than instructions.
  • Capability inventory: The skill is scoped to use file system tools (Write, Edit) and basic Bash commands for context.
  • Sanitization: No explicit sanitization or validation of the meeting notes is performed during the extraction process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 07:08 PM
Security Audit — agent-trust-hub — meet