pp-fireflies

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the fireflies-pp-cli binary. Installation methods include using npx for the @mvanhorn/printing-press package and go install for the repository github.com/mvanhorn/printing-press-library.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to run the fireflies-pp-cli utility, executing shell commands based on user-provided arguments.
  • [DATA_EXFILTRATION]: The skill utilizes a CLI tool with built-in --deliver webhook:<url> functionality, enabling the transmission of command output to arbitrary external URLs. Furthermore, the feedback command allows sending data to a remote FIREFLIES_FEEDBACK_ENDPOINT.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
      • Ingestion points: Meeting transcripts, summaries, and action items are ingested from the Fireflies.ai API into the agent context (SKILL.md).
      • Boundary markers: The skill lacks explicit delimiters or instructions to treat meeting content as untrusted data.
      • Capability inventory: The agent can perform shell commands, write transcripts to local files (--vault), and send data to external webhooks.
      • Sanitization: No validation or sanitization is performed on the transcript data before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 03:20 AM