The Agent Skills Directory

[COMMAND_EXECUTION]: The setup.sh script performs administrative tasks including installing system packages via apt-get, modifying file permissions with chmod, and managing services with docker compose. The skill also executes chrome-a11y for browser interaction and PulseAudio utilities (pactl, parecord) for audio management.
[EXTERNAL_DOWNLOADS]: During initial setup, the skill downloads system dependencies from official repositories and Python packages (requests, websockets, aiofiles) from the standard registry. It also pulls the Speaches transcription server image from the GitHub Container Registry (ghcr.io).
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from meeting audio.
Ingestion points: Meeting audio is transcribed and saved to /tmp/meetings/<id>/transcript.txt and /tmp/meetings/<id>/mentions.txt (managed in scripts/meeting-recorder-setup/meeting-transcriber-batch.py).
Boundary markers: The transcribed text is stored as raw strings without delimiters or instructions for the agent to ignore embedded commands.
Capability inventory: The agent has access to browser automation tools (chrome-a11y) and a chat function to interact with meeting participants.
Sanitization: There is no validation or filtering performed on the transcribed speech before the agent processes it.

meeting-recorder