transcript-fixer

Fail

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/fix_transcript_enhanced.py includes a find_glm_api_key function that reads sensitive shell configuration files, including ~/.zshrc, ~/.bashrc, ~/.bash_profile, and ~/.profile. This functionality is intended to automatically extract the GLM_API_KEY for the user. Although the extracted keys are handled locally and masked in console output via utils/security.py, accessing these files is a high-risk behavior associated with credential harvesting.
  • [COMMAND_EXECUTION]: The skill frequently uses subprocess.run across several scripts. In scripts/fix_transcript_enhanced.py, it executes core logic via the uv package manager. In scripts/ensure_deps.py, it initializes virtual environments and installs dependencies. While these actions support the skill's primary workflow, they involve the execution of shell commands and the spawning of external processes.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file provides instructions for users to install the uv package manager using curl -LsSf https://astral.sh/uv/install.sh | sh and a PowerShell equivalent. These downloads originate from astral.sh, which is the official domain for the well-known uv tool. Per security protocols, downloads from well-known technology domains are documented neutrally as intended setup components.
  • [DYNAMIC_EXECUTION]: The health check utility in scripts/utils/health_check.py utilizes the __import__ function to dynamically check if required Python packages (httpx, filelock) are installed. The module names are retrieved from a hardcoded list, minimizing the risk of arbitrary code execution.
  • [PROMPT_INJECTION]: The skill processes transcription data which is passed into an LLM context. It uses structured markdown headers (e.g., **需要修复的内容**:) to separate instructions from data. While standard LLM safety guardrails apply, the skill's ability to write to the file system and execute commands via uv creates an attack surface for indirect prompt injection if malicious instructions are embedded in the processed transcripts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 6, 2026, 07:09 AM