transcribe

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to embed the original $ARGUMENTS value verbatim—both in a bash command (transcribe.sh "") and by replacing [SOURCE] in the analysis template—so if the user supplies a URL or filename that contains secrets (e.g., tokens or credentials) the LLM will output them directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads audio from arbitrary URLs (yt-dlp in transcribe.sh and SKILL.md / README usage like "transcribe https://..."), produces a .vtt transcript, and the required ANALYSIS_PROMPT.md instructs the agent to read the entire .vtt and base its analysis on that content—so untrusted, user-provided web content is ingested and directly drives the agent's outputs.