The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data (meeting transcripts and user-provided context files).
Ingestion points: Raw meeting transcripts and context.md files provided by the user are read into the agent's context.
Boundary markers: While the skill provides clear task separation, it does not explicitly instruct the agent to use robust delimiters (like XML tags or unique markers) when passing transcript segments to subagents, which could allow instructions embedded in the transcript to be executed.
Capability inventory: The skill has the capability to create directories, write files to the local file system, and spawn subagents via the Task tool.
Sanitization: There is no mention of sanitizing or escaping the transcript content before it is interpolated into prompts for the subagents.
[COMMAND_EXECUTION]: The skill documentation recommends using markitdown (an official Microsoft utility) and uv for pre-processing documents. These are well-known and trusted developer tools, and their use is documented for the purpose of document conversion.
[REMOTE_CODE_EXECUTION]: The skill uses the Task tool to orchestrate parallel processing by spawning multiple subagents. This involves dynamic generation of instructions (prompts) based on the input transcript and file paths. This is a standard pattern for complex agent tasks but involves runtime assembly of executable instructions for the subagents.

meeting-minutes-taker