meeting-autopilot

The OpenClaw AgentSkills skill bundle 'meeting-autopilot' is classified as benign. The code demonstrates strong security practices, including rigorous input sanitization for file paths and meeting titles (e.g., in `scripts/meeting-autopilot.sh`), safe JSON construction using `jq --arg` for all LLM API calls and history storage (e.g., in `scripts/extract-items.sh`, `scripts/generate-outputs.sh`), and piping user-provided transcript content to isolated Python parsers via stdin (e.g., in `scripts/parse-transcript.sh`) to prevent shell injection. Permissions requested (`exec`, `read`, `write`, `network`) are justified by the skill's stated purpose. The `SKILL.md` and `README.md` contain no prompt injection attempts against the agent, and the `SECURITY.md` file provides transparent and comprehensive documentation of the skill's data handling and security model, including the inherent risk of sending transcripts to third-party LLMs.