meeting-prep

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web and uses it to generate briefings without explicit boundary markers.
  • Ingestion points: Untrusted web content is retrieved using nimble search and nimble extract in Steps 3, 4, and 5 of SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating search results into the agent's context or during the synthesis in Step 6.
  • Capability inventory: The agent possesses the Bash, Write, and Edit tools, allowing it to execute commands or modify local files based on instructions found in web data.
  • Sanitization: The skill does not perform sanitization, escaping, or validation on the markdown content extracted from URLs before processing it.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for various operational tasks.
  • Evidence: Executing the nimble CLI for web research, running python3 for date calculations, and using npm for tool installation (SKILL.md, references/nimble-playbook.md).
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install external software from a public registry.
  • Evidence: The onboarding flow in references/profile-and-onboarding.md instructs the user to install the @nimbleway/cli package from the npm registry. This is a vendor-owned resource used for the skill's primary functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 08:26 PM
Security Audit — agent-trust-hub — meeting-prep