Security Audit
dkyazzentwatwa/chatgpt-skills:meeting-notes-formatter
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:meeting-notes-formatter received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via Input Path, Arbitrary File Write via Output Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read via Input Path The skill allows reading arbitrary files from the filesystem by accepting an unvalidated file path as input via `MeetingNotesFormatter.from_file()` and the `--input` CLI argument. An attacker could specify paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and have their content processed and potentially exposed in the formatted output (Markdown, PDF, or `to_dict()` return value). This constitutes a data exfiltration vulnerability. Implement strict path validation to ensure that input file paths are restricted to a designated, non-sensitive directory or that they are relative paths within a secure working directory. Disallow absolute paths or paths containing directory traversal sequences (e.g., `../`). | LLM | scripts/notes_formatter.py:55 | |
| HIGH | Arbitrary File Write via Output Path The skill allows writing to arbitrary file paths on the filesystem via the `save()` method and the `--output` CLI argument. An attacker could specify a path to an important system file or a user's configuration file, potentially overwriting it with formatted meeting notes content. This could lead to denial of service or, in conjunction with other vulnerabilities, command injection if a malicious script is written and subsequently executed. Implement strict path validation for output file paths. Restrict output to a designated, non-sensitive directory. Disallow absolute paths or paths containing directory traversal sequences (e.g., `../`). | LLM | scripts/notes_formatter.py:271 | |
| MEDIUM | Unpinned Python dependency version Requirement 'reportlab>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | meeting-notes-formatter/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'python-dateutil>=2.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | meeting-notes-formatter/scripts/requirements.txt:2 | |
| INFO | Unpinned Dependencies The `requirements.txt` file and the skill description specify dependencies using a minimum version (`>=`) rather than exact pinned versions (`==`). While this allows for automatic updates, it introduces a minor supply chain risk as future versions of these libraries could introduce breaking changes, vulnerabilities, or unexpected behavior without explicit review. Pin dependencies to exact versions (e.g., `reportlab==4.0.0`) to ensure deterministic builds and prevent unexpected changes from upstream library updates. Regularly review and update pinned versions. | LLM | scripts/requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/b5e1dcd6392da2d8)
Powered by SkillShield