The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/transcribe.sh script is vulnerable to argument injection within the curl command. The optional parameters for --language and --prompt are expanded using unquoted shell parameter expansion (e.g., ${language:+-F "language=${language}"}). This allows an attacker to inject additional curl flags by including spaces and quotes in the parameter values, which could be used to overwrite local files or exfiltrate data.
[PROMPT_INJECTION]: The skill processes external audio files and returns the resulting transcription, creating a surface for indirect prompt injection where malicious instructions in the audio could influence the agent.
[PROMPT_INJECTION]: Mandatory evidence chain for indirect injection: (1) Ingestion points: The scripts/transcribe.sh script accepts external audio files via the <audio-file> argument. (2) Boundary markers: No delimiters or protective instructions are used when passing the transcribed output back to the agent. (3) Capability inventory: The skill has filesystem write access and network access via curl. (4) Sanitization: No validation, filtering, or sanitization is performed on the audio content or the resulting transcription text.

openai-whisper-api