audio-transcriber

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/transcribe.py to execute external AI command-line interfaces such as the Claude CLI and GitHub Copilot CLI. It also executes shell commands to check for the presence of tools like ffmpeg and to manage Python package installations via pip.
  • [EXTERNAL_DOWNLOADS]: The installation script scripts/install-requirements.sh downloads AI models (approximately 74MB to 1.5GB) from official repositories for Faster-Whisper and OpenAI Whisper. These are well-known technology providers and do not pose a direct security threat, but users should be aware of the network activity during setup.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Untrusted audio content is transcribed into text in scripts/transcribe.py.
      • Boundary markers: The skill uses simple triple-dash delimiters (---) to separate the transcription from instructions, which may not be sufficient to prevent a sophisticated injection from overriding the agent's summary instructions.
      • Capability inventory: The system can execute external CLI tools and write to the local file system based on processed output.
      • Sanitization: There is no evidence of sanitization or filtering of the transcribed text before it is interpolated into prompts for the LLMs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 04:41 PM