Back to skill

Security audit

Meeting Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a coherent meeting-notes helper that works on user-provided text and does not request tools, credentials, persistence, or automatic sending authority.

Safe to install as a meeting summarization assistant. Before using it on real transcripts or sharing generated follow-up emails, review and redact confidential business details, personal data, HR/legal topics, secrets, and client-sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes very broad phrases such as 'meeting notes' and 'what was decided', which can match ordinary user requests outside a clearly intended skill invocation path. Overbroad activation can cause the skill to process unrelated or sensitive content unexpectedly, increasing the chance of inappropriate data handling or unintended behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions describe broad categories like meeting summarization and recap generation without defining exclusion criteria or disambiguation rules. This makes accidental activation more likely, especially for generic productivity requests, which could lead to unintended transformation, retention, or exposure of sensitive meeting content.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
This skill is designed to ingest meeting transcripts, which commonly contain confidential business information, personal data, and internal decisions, yet it provides no warning or handling guidance for sensitive content. Without such safeguards, users may submit protected information without understanding the privacy implications, raising confidentiality and compliance risks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.