openai-whisper-api

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): Argument Injection in scripts/transcribe.sh. The shell script expands the optional flags (--language and --prompt) without quoting the expansion itself. Evidence: Lines 77 and 78 in scripts/transcribe.sh use ${language:+-F "language=${language}"}. Because the expansion is not outer-quoted, a crafted value for either parameter undergoes word splitting and can inject additional arguments into the curl command. An attacker could inject flags like -o to overwrite arbitrary system files or --data-binary to read them.
  • DATA_EXFILTRATION (HIGH): Arbitrary File Read and Transmission. Using the argument injection described above, an attacker could inject curl flags such as -F "file=@/etc/passwd" to exfiltrate sensitive local files to the OpenAI API or redirect the curl output to an attacker-controlled endpoint by injecting a secondary URL.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill processes external audio files and user-provided prompt strings that are then sent to a third-party LLM (Whisper).
      • Ingestion points: scripts/transcribe.sh accepts a file path as a positional argument and a --prompt string.
      • Boundary markers: Absent; the script acts as a pass-through.
      • Capability inventory: The script has network access via curl and file-system write access via shell redirection.
      • Sanitization: Absent; input is not validated before being passed to the shell environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 06:11 PM