Meeting Notes

Security checks across malware telemetry and agentic risk

Overview

This skill formats meeting notes and saves them locally; its file use is disclosed and aligned with the meeting-archive purpose, though users should confirm where sensitive notes are saved.

Before installing, be aware that the skill is designed to create Markdown files under meetings/ and may look at earlier notes in that folder for recurring meetings. Confirm the destination path when handling confidential meeting content, and avoid storing sensitive transcripts in shared workspaces unless that is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to save generated meeting notes to a file path under `meetings/` without requiring a user confirmation step or warning that a file will be created/modified. In an agent setting, implicit file writes can surprise users, overwrite existing notes, or persist sensitive meeting content to disk when the user only expected formatted output in chat.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal