Skills
skills/iflytek/ifly-skills/iflytek-speed-transcription/Gen Agent Trust Hub

iflytek-speed-transcription

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a standard integration for iFlytek's transcription service. No malicious behavior was identified.
  • [COMMAND_EXECUTION]: Provides a dedicated Python script (scripts/transcribe.py) for audio transcription. The script's logic is focused on the stated purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: Communicates with well-known service domains (upload-ost-api.xfyun.cn, ost-api.xfyun.cn) for legitimate data processing. All network activity is associated with the official vendor service.
  • [PROMPT_INJECTION]: The skill has a potential indirect prompt injection surface as it processes external audio data into text that enters the agent context. 1. Ingestion points: Audio files at file_path processed by scripts/transcribe.py. 2. Boundary markers: None identified in the script output. 3. Capability inventory: CLI execution of the transcription script. 4. Sanitization: No explicit sanitization of transcribed text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:30 AM
Security Audit — agent-trust-hub — iflytek-speed-transcription