speech-to-text

SUSPICIOUS. The skill's core STT behavior matches its purpose, and data flows appear proportionate to transcription. However, install trust is weakened by a transitive skill-install step for the required CLI, indirect/raw install references, broad Bash permission, and reliance on third-party CLI-mediated auth. This looks more like a medium-risk supply-chain/trust issue than confirmed malware.