transcribe

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The transcribe.js script uses execSync with a template literal that directly interpolates the filePath variable into a shell command for ffprobe. This allows arbitrary shell command execution if a filename contains metacharacters such as backticks or semicolons. The transcribe.sh wrapper script is similarly vulnerable to command injection via its command-line argument, which is used in a curl call.
  • [DATA_EXFILTRATION]: The skill reads the contents of the file specified in the filePath parameter and uploads it to the Groq or OpenAI APIs. An attacker could use this functionality to exfiltrate sensitive files from the host system by providing their paths as input to the transcription command.
  • [EXTERNAL_DOWNLOADS]: The skill makes network connections to api.groq.com and api.openai.com. These are recognized as well-known technology services and are used here for the skill's primary transcription functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transcribes untrusted audio content that could contain instructions designed to influence the agent's behavior. Ingestion points: file input in transcribe.js and transcribe.sh. Boundary markers: none. Capability inventory: system command execution via execSync and spawn, and network access via https.request. Sanitization: no sanitization is performed on input file contents or on the transcribed text output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 05:11 AM