fireflies-incident-runbook
Facilitates rapid incident response for Fireflies.ai outages, including triage, mitigation, and postmortem procedures.
Install this skill
Security score
The fireflies-incident-runbook skill was audited on May 12, 2026 and we found 27 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 93 | ```bash |
Curl to non-GitHub URL
| 57 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 65 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 99 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Curl to non-GitHub URL
| 130 | curl -s -X POST https://api.fireflies.ai/graphql \ |
Webhook reference - potential data exfiltration
| 8 | or webhook delivery problems. |
Webhook reference - potential data exfiltration
| 28 | Rapid incident response procedures for Fireflies.ai integration failures. Covers API outages, authentication problems, webhook issues, and rate limiting. |
Webhook reference - potential data exfiltration
| 36 | | P3 | Minor impact | < 4 hours | Webhook delays, missing summaries | |
Webhook reference - potential data exfiltration
| 84 | └─ NO: Webhook issues? |
Webhook reference - potential data exfiltration
| 85 | ├─ Not receiving webhooks → Check dashboard registration |
Webhook reference - potential data exfiltration
| 86 | ├─ Invalid signature → Webhook secret mismatch |
Webhook reference - potential data exfiltration
| 87 | └─ Processing failures → Check your webhook handler logs |
Webhook reference - potential data exfiltration
| 122 | ### Webhook Not Firing -- P2 |
Webhook reference - potential data exfiltration
| 125 | # Verify webhook is registered |
Webhook reference - potential data exfiltration
| 127 | echo "Webhook URL should be your HTTPS endpoint" |
Webhook reference - potential data exfiltration
| 129 | # Test by uploading audio (triggers webhook when done) |
Webhook reference - potential data exfiltration
| 135 | "variables": { "input": { "url": "https://example.com/test.mp3", "title": "Webhook Test" } } |
Webhook reference - potential data exfiltration
| 138 | # Remember: webhooks only fire for meetings YOU own (organizer_email) |
Webhook reference - potential data exfiltration
| 141 | ### Invalid Webhook Signature -- P3 |
Webhook reference - potential data exfiltration
| 146 | function debugWebhookSignature(payload: string, receivedSig: string, secret: string) { |
Webhook reference - potential data exfiltration
| 211 | - [Fireflies Webhooks](https://docs.fireflies.ai/graphql-api/webhooks) |
External URL reference
| 49 | -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 57 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 65 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 99 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 130 | curl -s -X POST https://api.fireflies.ai/graphql \ |
External URL reference
| 135 | "variables": { "input": { "url": "https://example.com/test.mp3", "title": "Webhook Test" } } |