funasr-transcribe
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/setup.py` and `scripts/server.py` scripts facilitate the download of speech recognition, voice activity detection (VAD), and punctuation models from the ModelScope repository (specifically the `iic` and `damo` organizations, which are associated with Alibaba). These downloads target well-known, official model registries.
- [COMMAND_EXECUTION]: Multiple scripts (`setup.py`, `server.py`, `auto_transcribe.py`, `init_env.py`) utilize the `subprocess` module to manage the execution environment. This includes installing Python dependencies via `pip`, detecting system tool paths (like `curl` and `ffmpeg`), and managing the lifecycle of the local transcription server. These operations are essential for the skill's functionality as a local service provider.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface in `scripts/summary.py`. Transcribed text is interpolated into an LLM prompt to generate summaries. While this is a common attack vector, the skill uses standard task-oriented prompts and the summarization is a core part of its intended functionality.
- [REMOTE_CODE_EXECUTION]: Automated analysis flagged local network communication patterns as a risk. Technical review confirms these are benign health checks performed by `scripts/auto_transcribe.py` against the local server (127.0.0.1:8765) to ensure it has successfully initialized before sending transcription tasks.
Audit Metadata