pp-fireflies
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `fireflies-pp-cli` binary. Installation methods include using `npx` for the `@mvanhorn/printing-press` package and `go install` for the repository `github.com/mvanhorn/printing-press-library`.
- [COMMAND_EXECUTION]: The skill relies on the `Bash` tool to run the `fireflies-pp-cli` utility, executing shell commands based on user-provided arguments.
- [DATA_EXFILTRATION]: The skill utilizes a CLI tool with a built-in `--deliver webhook:<url>` functionality, enabling the transmission of command output to arbitrary external URLs. Furthermore, the `feedback` command allows sending data to a remote `FIREFLIES_FEEDBACK_ENDPOINT`.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
  - Ingestion points: Meeting transcripts, summaries, and action items are ingested from the Fireflies.ai API into the agent context (`SKILL.md`).
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat meeting content as untrusted data.
  - Capability inventory: The agent can perform shell commands, write transcripts to local files (`--vault`), and send data to external webhooks.
  - Sanitization: No validation or sanitization is performed on the transcript data before it is presented to the agent.
Audit Metadata