assemblyai-transcribe

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The skill implements a workflow that reads local files and uploads them to api.assemblyai.com for transcription. This creates a significant exfiltration surface where an attacker could trick the agent into 'transcribing' sensitive configuration or credential files (e.g., ~/.ssh/id_rsa, .env) and sending them to the external API.
      • Ingestion points: Local file paths and remote URLs provided by the user or found in processed data (SKILL.md).
      • Boundary markers: None identified; the skill does not use delimiters or instructions to prevent the agent from acting on content within the files it processes.
      • Capability inventory: The skill uses the Exec tool to run node, which reads local file system content and performs network POST requests.
      • Sanitization: No validation is performed on the file type or path before it is passed to the transcription script.
  • EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions (README.md) direct users to download and install the skill from a non-whitelisted third-party GitHub repository (tristanmanchester/agent-skills).
  • COMMAND_EXECUTION (MEDIUM): The usage patterns involve passing complex JSON strings via the --config flag to a shell command. This is highly susceptible to shell injection or breakage if the agent interpolates user-controlled data into the JSON string without rigorous escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:42 AM