volc-audio-transcription

Fail

Audited by Snyk on Mar 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). Although it mentions secure env-var usage, the prompt also provides examples that pass APP_KEY and ACCESS_KEY directly on the command line and hard-code them into Python calls, which would encourage or require the LLM to emit secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill requires submitting arbitrary public audio URLs (see SKILL.md "audio URL 要求" and command examples using --url "https://公网可访问的音频URL") and includes scripts/transcribe_local.py that exposes local files via ngrok to produce a public URL, so the agent ingests untrusted, user-hosted audio whose transcribed text could contain instructions influencing subsequent actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 25, 2026, 05:32 AM
Issues: 2