Meeting Prep

Security checks across malware telemetry and agentic risk

Overview

This meeting-briefing skill is coherent and non-executable, but it may research people online and use available notes or CRM history.

Install if you are comfortable with the agent searching attendee and company names online and using any meeting notes or CRM data it can access. Keep CRM or private notes out of the agent environment unless you want them used, and review briefs before sharing them externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 86% confidence

Finding
The trigger examples are broad enough that the skill may activate on casual user mentions of meetings without clear intent to invoke this capability. That can cause unintended collection or synthesis of external and internal information, increasing privacy and data-minimization risk.

Missing User Warnings

Medium, 94% confidence

Finding
The skill explicitly instructs the agent to use web search for every person and company and to pull prior notes or CRM data, but it provides no user notice, consent boundary, or restriction on sensitive/internal records. In context, this increases the chance of over-collection, privacy violations, and disclosure of internal relationship data during routine meeting prep.

VirusTotal

64/64 vendors flagged this skill as clean.
