ifly-speed-transcription
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Python script (`scripts/transcribe.py`) to automate the transcription workflow, which includes file management and API requests.
- [DATA_EXFILTRATION]: Audio data provided by the user is uploaded to iFLYTEK's official processing servers (`upload-ost-api.xfyun.cn`) as required for the transcription service to function.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external audio files and returns the transcribed text to the agent, potentially allowing spoken instructions to influence agent behavior.
  - Ingestion points: Audio files provided to the `transcribe.py` script via the `file_path` argument.
  - Boundary markers: The output text is returned to the agent without specific delimiters or isolation instructions.
  - Capability inventory: The skill uses the `requests` library to perform network operations and has read access to audio files on the local filesystem.
  - Sanitization: There is no sanitization or filtering of the transcribed text before it is presented to the agent.
Audit Metadata