Back to skill

Security audit

Meeting Notes

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only meeting-notes helper that summarizes user-provided meeting text and does not request files, credentials, network access, persistence, or code execution.

This skill appears safe to install. Before using it, review meeting notes for confidential business details, personal data, credentials, or regulated information, and manually verify generated action items and assigned owners for important meetings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger example uses a very broad everyday phrase ('帮我整理这会议纪要') that can easily match normal user conversation and unintentionally invoke the skill. Because this skill processes meeting notes, accidental activation could cause unintended ingestion, transformation, or exposure of sensitive business content from ordinary chat context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to process meeting records, which commonly contain confidential business discussions, personnel information, deadlines, budgets, and strategic decisions, yet it provides no privacy or data-handling warning. This omission increases the risk that users will submit sensitive content without understanding retention, sharing, or review implications, leading to accidental disclosure or compliance issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.