fathom
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-implemented and performs its functions as advertised without any malicious intent or security flaws. Communication is restricted to the official Fathom API, and no unauthorized data processing was detected.
- [DATA_EXFILTRATION]: All network requests are directed to the official Fathom API domain (api.fathom.ai). Sensitive API keys are handled correctly through environment variables as specified in the metadata, and there is no evidence of credentials or meeting data being exfiltrated to unauthorized third parties.
- [EXTERNAL_DOWNLOADS]: The skill uses the 'httpx' library, which is a standard, well-known, and secure Python package for handling HTTP requests. No unverified or suspicious external dependencies are used.
- [COMMAND_EXECUTION]: The Python script does not use any functions for executing arbitrary shell commands, such as subprocess.run or os.system. User input is validated (e.g., date and limit checks) before being used in API requests.
- [PROMPT_INJECTION]: The instructions and examples provided in SKILL.md are descriptive and focused on legitimate meeting query use cases. They do not contain any patterns designed to bypass safety filters or override the agent's behavioral guidelines.