meeting-recorder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously joins user-provided Google Meet URLs (see start-meeting.sh / SKILL.md), captures live meeting audio and chat (meeting-transcriber*.py and read-chat.sh), writes untrusted, user-generated transcripts that "Claude reads, summarizes, [and] responds via chat" (SKILL.md / REFERENCE.md), and can send messages into the meeting (send-chat.sh), so third-party content directly influences agent decisions and actions.