fireflies-incident-runbook
Facilitates rapid incident response for Fireflies.ai outages, including triage, mitigation, and postmortem procedures.
Install this skill
Security score
The fireflies-incident-runbook skill was audited on May 24, 2026 and we found 27 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 95 | ```bash |
Curl to non-GitHub URL
| 58 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 66 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 101 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 134 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Webhook reference - potential data exfiltration
| 8 | or webhook delivery problems. |
Webhook reference - potential data exfiltration
| 29 | Rapid incident response procedures for Fireflies.ai integration failures. Covers API outages, authentication problems, webhook issues, and rate limiting. |
Webhook reference - potential data exfiltration
| 37 | | P3 | Minor impact | < 4 hours | Webhook delays, missing summaries | |
Webhook reference - potential data exfiltration
| 85 | └─ NO: Webhook issues? |
Webhook reference - potential data exfiltration
| 86 | ├─ Not receiving webhooks → Check dashboard registration |
Webhook reference - potential data exfiltration
| 87 | ├─ Invalid signature → Webhook secret mismatch |
Webhook reference - potential data exfiltration
| 88 | └─ Processing failures → Check your webhook handler logs |
Webhook reference - potential data exfiltration
| 125 | ### Webhook Not Firing -- P2 |
Webhook reference - potential data exfiltration
| 129 | # Verify webhook is registered |
Webhook reference - potential data exfiltration
| 131 | echo "Webhook URL should be your HTTPS endpoint" |
Webhook reference - potential data exfiltration
| 133 | # Test by uploading audio (triggers webhook when done) |
Webhook reference - potential data exfiltration
| 139 | "variables": { "input": { "url": "https://example.com/test.mp3", "title": "Webhook Test" } } |
Webhook reference - potential data exfiltration
| 142 | # Remember: webhooks only fire for meetings YOU own (organizer_email) |
Webhook reference - potential data exfiltration
| 145 | ### Invalid Webhook Signature -- P3 |
Webhook reference - potential data exfiltration
| 151 | function debugWebhookSignature(payload: string, receivedSig: string, secret: string) { |
Webhook reference - potential data exfiltration
| 221 | - [Fireflies Webhooks](https://docs.fireflies.ai/graphql-api/webhooks) |
External URL reference
| 50 | -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 58 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 66 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 101 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 134 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 139 | "variables": { "input": { "url": "https://example.com/test.mp3", "title": "Webhook Test" } } |