JMin Meeting Notes

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simple Chinese meeting-minutes formatting skill with no evidence of hidden code, credential use, persistence, or destructive behavior.

Install is reasonable if you want a Chinese meeting-minutes helper. Treat meeting notes as potentially sensitive, provide only content you intend the agent to process, and confirm language/output expectations when using it in multilingual workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrase "整理会议纪要" is very broad and does not constrain the type, source, or sensitivity of input the skill should handle. In agent environments, overly broad activation can cause the skill to engage in unintended contexts, processing unrelated or sensitive content and increasing the chance of prompt-routing mistakes or data mishandling.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The README is written entirely in Chinese and presents the interaction pattern in Chinese without indicating that the user can choose another language. This can create ambiguity or mismatches in multilingual environments, causing the skill to override user language preference or produce outputs in an unexpected language, which may lead to usability and workflow errors.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal