Skills
skills/ace-step/ace-step-skills/acestep-lyrics-transcription/Gen Agent Trust Hub

acestep-lyrics-transcription

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/acestep-lyrics-transcription.sh contains a command injection vulnerability in the words_to_lrc and words_to_srt functions. The variable $output_file, which is derived from the user-controlled --output command-line argument, is interpolated directly into a Python script executed via python -c using single quotes. A malicious path (e.g., one containing '); import os; os.system('... ) could break out of the string literal and execute arbitrary code.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill transcribes external audio data that may contain spoken instructions designed to manipulate the agent. The skill's workflow (defined in SKILL.md) instructs the agent to read the resulting transcription file and perform manual corrections, providing an opportunity for embedded malicious instructions to be processed and obeyed by the agent.
  • [DATA_EXPOSURE]: The skill manages sensitive API keys in scripts/config.json. While it includes logic to mask these keys in standard output (config --list) and instructs the agent not to display them, the keys are stored in plain text on the local filesystem.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 11:04 AM