parakeet

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION] (MEDIUM): Scripts in the scripts/ directory use sys.path.insert(0, PARAKEET_PATH) to dynamically load Python modules from a user-defined external path (PARAKEET_HOME). This allows the execution of code from outside the skill package.
  • [EXTERNAL_DOWNLOADS] (LOW): Recommends installing a third-party application ('handy') via Homebrew and triggers significant model downloads (~1.2GB) from external repositories during runtime.
  • [COMMAND_EXECUTION] (LOW): The skill executes Python scripts via the shell. While arguments are quoted, it assumes the integrity of the external parakeet-dictate repository and its virtual environment.
  • [PROMPT_INJECTION] (LOW): Transcribing audio content creates an attack surface for indirect prompt injection.
      1. Ingestion points: Audio data is ingested via transcribe.py (file) and dictate.py (microphone).
      2. Boundary markers: None. Transcribed text is returned to the agent without delimiters.
      3. Capability inventory: The skill uses Bash, Read, and Write tools, which could be abused if the transcribed text contains instructions.
      4. Sanitization: No sanitization is performed on the output of the transcription scripts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 05:49 PM