Meeting Assistant

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only meeting assistant skill with no executable code or install-time behavior, though users should handle meeting transcripts carefully.

Before using this with real meetings, confirm participant consent and your organization's rules for recording or transcribing. Avoid sensitive or regulated meeting content unless you know where transcripts are processed and stored; the skill itself does not document privacy, retention, or third-party processing details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises real-time transcription support and meeting minute generation without any warning about consent, retention, storage, or handling of potentially sensitive meeting data. In a meeting-assistant context, transcripts and minutes often contain confidential business, personal, or regulated information, so omission of privacy guidance can lead users to deploy the skill in ways that violate policy or privacy obligations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal