meet
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell command substitution (
!date,!ls) to provide the agent with current time and a list of recent meeting files at load time. These commands are limited to non-sensitive system information and local directory listing, which is consistent with the skill's purpose. - [PROMPT_INJECTION]: The skill processes untrusted meeting notes provided by the user. While this creates a surface for indirect prompt injection, it is intrinsic to the skill's functionality. The behavior is limited to structured extraction and local file creation.
- Ingestion points: The skill accepts user-provided
$ARGUMENTSand pasted raw notes as input. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the notes as data rather than instructions.
- Capability inventory: The skill is scoped to use file system tools (Write, Edit) and basic Bash commands for context.
- Sanitization: No explicit sanitization or validation of the meeting notes is performed during the extraction process.
Audit Metadata