meeting-summary

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file executes a system command (mkdir -p /tmp/openskills-uploads) during its dependency setup phase.
  • [COMMAND_EXECUTION]: The scripts/upload.py script contains a path traversal vulnerability. It uses pathlib.Path to combine a base directory with a user-supplied filename. In Python's pathlib, if the second path is absolute, the base path is ignored. This allows for arbitrary file writes if the agent is directed to use an absolute path like /etc/passwd as the filename.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it summarizes untrusted meeting notes without using boundary markers or sanitization.
      • Ingestion points: Meeting text provided by users for summarization in SKILL.md.
      • Boundary markers: Absent. No delimiters are used to isolate meeting content from instructions.
      • Capability inventory: The skill possesses file-writing capabilities through the upload script.
      • Sanitization: Absent. Neither the script nor the instructions validate the input content or the destination filename.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 02:59 PM