Meeting Notes Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a review concern because it claims to be an AI meeting-notes assistant, but the shipped code only prints canned sample notes and placeholder exports.

Treat this as a demo/template utility, not a working AI meeting assistant. Do not rely on it for real transcription, summaries, action tracking, attendee emails, or integrations, and avoid giving it sensitive meeting content until the publisher clearly labels mock output or implements and documents the promised processing and data-handling controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High (98% confidence)
Finding
The skill metadata and help text present this as an AI-powered meeting assistant capable of transcription, summarization, extraction, and task assignment, but the implementation only emits hardcoded sample data and static templates. This is a security-relevant integrity issue because users may trust fabricated output as if it were derived from real meeting content, leading to business decisions, recordkeeping errors, or disclosure to others under false pretenses.

Intent-Code Divergence

Medium (91% confidence)
Finding
The help text advertises 'add' and 'complete' action-item commands, but the command handler only supports 'list' and 'overdue'. In an agent or automation context, this mismatch can cause failed workflows, silent task-management gaps, and unsafe assumptions that action items were recorded or completed when no such state change occurred.

Missing User Warnings

Medium (90% confidence)
Finding
The skill explicitly mentions cloud AI processing and sending notes to attendees, which can expose sensitive meeting content, participant identities, and action items to third parties or unintended recipients if users are not warned or given controls. In a meeting-notes context, the data often contains confidential business, HR, legal, or client information, making silent external sharing materially risky.

VirusTotal

66/66 vendors flagged this skill as clean.
