Security audit

Meeting Prep Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent meeting-prep skill, but it can automatically read and store sensitive client, calendar, and financial context without clear opt-in or retention controls.

Install only if you are comfortable granting access to client, calendar, notes, and financial context. Use scoped folders/accounts where possible, review generated briefs before keeping or sharing them, and periodically delete or redact stored meeting logs that should not persist.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill enables automatic generation and storage of meeting briefs by combining calendar, CRM, financial, and web data, which can include sensitive client and business information. Although the document includes some privacy rules, it does not require explicit user opt-in, clear notice, or data-minimization controls for this proactive processing, creating a real privacy and over-collection risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.