The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the installation of the azure-ai-transcription package via pip. This package name uses naming conventions identical to official Microsoft Azure SDKs (e.g., azure-ai-formrecognizer) but does not match the standard official library for transcription services, which is typically azure-ai-speech or azure-cognitiveservices-speech. This creates a risk of dependency confusion or typosquatting where a community-provided package mimics an official one.- [COMMAND_EXECUTION]: The installation process involves executing pip install azure-ai-transcription, which runs a system command to download and install external code of unverified provenance.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
Ingestion points: The content_urls parameter in begin_transcription and the audio file path in send_audio_file allow the agent to process external, potentially attacker-controlled audio content.
Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or treats transcribed text as untrusted data.
Capability inventory: The skill performs network requests to Azure endpoints and outputs transcribed text to the agent's context.
Sanitization: No sanitization, filtering, or validation is performed on the transcription results before they are returned to the agent or displayed.

azure-ai-transcription-py