skills/answerzhao/agent-skills/ASR/Gen Agent Trust Hub

ASR

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [Unverifiable Dependencies] (MEDIUM): The script imports 'z-ai-web-dev-sdk', which is not from a recognized trusted provider. This introduces a supply chain risk as the package's contents and behavior have not been verified.
  • [Data Exposure & Exfiltration] (LOW): The skill reads the contents of local audio files and sends them to an external endpoint. While this is the intended functionality, the destination service is unverified and not on the whitelist of trusted domains.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted audio data and converts it to text, which could contain hidden instructions targeting the agent. Evidence Chain:
      1. Ingestion points: scripts/asr.ts reads files via fs.readFileSync.
      2. Boundary markers: None present to delimit transcribed text from instructions.
      3. Capability inventory: Access to file system and external network transmission.
      4. Sanitization: No sanitization or validation of the transcribed output is performed before use.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:00 PM