deepgram-transcription

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and usage that require embedding API keys directly in command lines and Authorization headers (e.g., --api-key YOUR_KEY, -H "Authorization: Token YOUR_API_KEY"), which forces the agent to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill reads and transcribes arbitrary user-supplied audio/video files (see scripts/transcribe.py which opens the provided input_file and posts its binary content to the Deepgram API), so it ingests untrusted, third-party/user-generated content that the agent will interpret as part of its workflow.