azure-speech-to-text-rest-py

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH (DATA_EXFILTRATION)
Full Analysis
  • Indirect Prompt Injection / Data Exposure (HIGH): The Python functions transcribe_with_pronunciation_assessment and full_pronunciation_assessment accept a file path (audio_file_path / audio_path) directly from input parameters without validation.
      • Ingestion points: File paths passed to the transcription functions in references/pronunciation-assessment.md.
      • Boundary markers: Absent. There are no checks to ensure the path resides within a restricted directory or corresponds to a valid audio file.
      • Capability inventory: The code uses open(path, "rb") to read local files and requests.post() to send the resulting binary data to a remote URL (stt.speech.microsoft.com).
      • Sanitization: Absent. No path normalization or extension filtering is performed.
      • Evidence: If an agent is coerced into passing a sensitive path (e.g., ~/.ssh/id_rsa or /etc/passwd) as the audio file argument, the skill will read that file and transmit its contents to the Azure Speech API endpoint.
  • Network Operations (LOW): The skill transmits data to a non-whitelisted domain (stt.speech.microsoft.com). While this is a legitimate Azure service, within the context of the unvalidated file read, it provides an exfiltration channel for local data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 05:00 PM