Security audit

meeting-minutes-qa-tts

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its meeting-to-audio purpose, but it ships with pre-filled meeting memory that could expose or reuse stale meeting content.

Review or delete memory/current_meeting.json and memory/latest_meeting.json before installing. Use this skill only for meeting notes you are comfortable storing locally and converting through SenseAudio, and set SENSEAUDIO_API_KEY only when you intend the skill to use that account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill declares capabilities to read files, write files, access environment variables, and use the network, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the host system may not realize the skill can access local data, write arbitrary output files, and use a secret from the environment to send data to an external TTS service.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The documented behavior says the skill summarizes and answers questions about meeting notes, but the implementation reportedly also supports reading aloud full meeting text, decisions, and action items, and relies on externally provided summary/answer text rather than performing the claimed reasoning itself. This mismatch is dangerous because it can cause users and reviewers to underestimate what content may be processed, stored, and transmitted, especially when meeting minutes may contain sensitive internal information.

Missing User Warnings

Medium
Confidence: 94%
Finding
The PRD explicitly instructs the skill to persist the latest meeting text and summary in a local JSON file, but it does not require any user notice, consent, retention limit, or sensitivity warning. Meeting minutes commonly contain confidential business, personnel, or customer information, so silent persistence increases the risk of unintended disclosure to other local users, backups, logs, or later processes reading the same file.

Missing User Warnings

Medium
Confidence: 89%
Finding
The prompt directs the agent to read meeting notes from a path or URL, store the meeting text and summary in local memory, and write mp3 output, but it does not clearly warn about these data-handling behaviors at the user-facing interface level. This can lead users to provide sensitive internal notes without understanding they will be persisted locally and converted into audio files, increasing the risk of unintended disclosure or retention of confidential information.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script sends meeting text to a third-party TTS service, which can expose sensitive business information, personal data, or confidential minutes outside the local environment. In this skill context, meeting notes are often sensitive, so lack of an explicit disclosure/consent gate increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The function persists full meeting text and summary to local disk by default, which can expose sensitive business discussions, personal data, or confidential notes to other local users, backups, or later unintended access. In this skill's context, long-form meeting minutes are likely to contain sensitive content, and the code provides no built-in consent, minimization, retention, or visibility controls before writing that data.

VirusTotal

65/65 vendors flagged this skill as clean.
