transcribe

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to insert the original $ARGUMENTS (URL or file path) into the analysis template and to run a shell command with that argument, which would require the LLM to include the argument verbatim and could exfiltrate secrets if the argument contains tokens/presigned URLs or other sensitive values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads audio from arbitrary public URLs via yt-dlp (see download_and_extract_audio in transcribe.sh and the SKILL.md/README mention of YouTube and "yt-dlp-supported sites") and then reads/ingests the generated .vtt transcript as part of the required Analysis step (ANALYSIS_PROMPT.md instructs using the Read tool to ingest the entire .vtt), so untrusted user-generated third‑party content can directly influence the agent's outputs.