Back to skill

Security audit

Meeting Notes

Security checks across malware telemetry and agentic risk

Overview

This skill formats meeting notes and only allows limited external posting after explicit human approval, so it appears safe to install with normal care around sensitive meeting content.

Before approving any connected-tool action, check that the notes do not expose confidential, personnel, customer, roadmap, or legal-sensitive content to the wrong workspace, tracker project, or Slack channel. Use document-only output when the audience or destination is unclear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill includes instructions to create pages in external systems, create tracker issues, and post links to channels, but does not require a prominent user-facing privacy/sensitivity check before sharing meeting content. Because meeting notes often contain confidential business discussions, personnel information, or roadmap details, an agent could disclose sensitive data to the wrong workspace, project, or audience if the human approval step is misunderstood or incomplete.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.