azure-ai-transcription-py

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis

The skill consists of markdown documentation and Python code snippets demonstrating how to use the Azure AI Transcription SDK.

1. Unverifiable Dependencies (LOW/INFO):
   • The SKILL.md file instructs the user to run pip install azure-ai-transcription. The azure-ai-transcription package is part of the Azure SDK, maintained by Microsoft/Azure, which is a trusted GitHub organization. This dependency is noted as an external download but is considered low risk due to its trusted source.

2. Data Exfiltration / Credential Handling (INFO):
   • The skill correctly demonstrates fetching TRANSCRIPTION_ENDPOINT and TRANSCRIPTION_KEY from environment variables (os.environ), which is a secure practice for handling sensitive information.
   • The references/acceptance-criteria.md file includes an 'Anti-Pattern' example (❌ INCORRECT: Hardcoding credentials) that explicitly shows hardcoded credentials and labels it as 'WRONG'. This is a pedagogical example to educate users on insecure practices, not a vulnerability within the skill's intended execution.

3. Indirect Prompt Injection (INFO):
   • The skill's batch transcription examples use content_urls (e.g., content_urls=["https://<storage>/audio.wav"]). This means the skill processes audio content from external URLs. If an attacker could control the content at these URLs, it could potentially lead to indirect prompt injection by embedding malicious instructions or data within the audio that the transcription model might process and pass to a downstream AI agent. This is an inherent risk when processing external, user-controlled data, rather than a direct vulnerability in the skill's code.

No other threats were detected. The skill does not contain prompt injection, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed attacks. The code snippets are illustrative and do not perform any malicious actions.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 10:25 AM