Back to skill

Security audit

Meeting Minutes Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple meeting-minutes prompt skill with disclosed advertising links and no executable behavior or hidden access.

Before installing, note that this skill is mainly prompt guidance for formatting meeting notes and includes commercial, affiliate, and investment-related promotional links. Use it with meeting content you are comfortable sharing with your agent, especially if the notes contain confidential business or personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage triggers are very broad everyday phrases such as asking to 'organize this meeting record' or 'this is weekly meeting notes,' without any gating, activation boundaries, or task-scoping constraints. In agent ecosystems that auto-route skills based on natural-language matching, this can cause the skill to activate on unrelated or sensitive user content, increasing the risk of over-collection, unintended processing of confidential notes, or prompt/skill hijacking through ambiguous invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.