meeting-transcription
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via meeting audio. An attacker could embed spoken commands in a recording that, once transcribed by the STT engine, may be interpreted by the agent as instructions during the summarization phase. * Ingestion points: Step 1 accepts audio from local paths or remote URLs. * Boundary markers: There are no specific instructions or delimiters defined to separate the transcribed content from the agent's internal logic. * Capability inventory: The agent performs complex analysis in Step 5, including decision extraction and action item assignment, which involves reasoning over the untrusted transcript. * Sanitization: No transcript filtering or instruction-scrubbing mechanisms are mentioned.
- [EXTERNAL_DOWNLOADS]: The workflow allows the agent to ingest audio files via remote URLs. While this is a primary feature of the skill, it creates a pathway for fetching data from untrusted network sources.
- [COMMAND_EXECUTION]: Step 1 of the workflow specifies the use of FFmpeg for audio conversion. If the implementation does not strictly validate file paths or input parameters, it could be vulnerable to command injection via malicious file names or metadata.
Audit Metadata