meeting-prep
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web and uses it to generate briefings without explicit boundary markers.
- Ingestion points: Untrusted web content is retrieved using
nimble searchandnimble extractin Steps 3, 4, and 5 ofSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating search results into the agent's context or during the synthesis in Step 6.
- Capability inventory: The agent possesses the
Bash,Write, andEdittools, allowing it to execute commands or modify local files based on instructions found in web data. - Sanitization: The skill does not perform sanitization, escaping, or validation on the markdown content extracted from URLs before processing it.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool for various operational tasks. - Evidence: Executing the
nimbleCLI for web research, runningpython3for date calculations, and usingnpmfor tool installation (SKILL.md, references/nimble-playbook.md). - [EXTERNAL_DOWNLOADS]: The skill directs the user to install external software from a public registry.
- Evidence: The onboarding flow in
references/profile-and-onboarding.mdinstructs the user to install the@nimbleway/clipackage from the npm registry. This is a vendor-owned resource used for the skill's primary functionality.
Audit Metadata