Feishu Meeting Summary

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu meeting-summary skill that reads meeting notes and saves summaries as expected, but users should treat the stored meeting content as sensitive.

Install only if you trust the Feishu plugin and are comfortable storing meeting summaries and source links in the configured Feishu workspace. Use a restricted meetings folder, check folder permissions, and avoid highly confidential meetings unless retention and access controls are appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly requires writing generated meeting summaries into Feishu documents, which modifies and persists potentially sensitive meeting content without any required user confirmation, disclosure, or warning about storage side effects. In the context of meeting transcripts and knowledge extraction, this can expose confidential business discussions, personal data, and internal decisions to broader retention and access than the user may expect.

VirusTotal

65/65 vendors flagged this skill as clean.
