azure-ai-transcription-py

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the azure-ai-transcription package via pip. This package name is non-standard, as the official Microsoft SDK for Azure transcription services is azure-ai-speech. This poses a risk of installing a community package that has not been verified for security. Evidence: pip install azure-ai-transcription in SKILL.md.
  • [PROMPT_INJECTION]: The skill processes transcription text generated from external audio sources, creating an attack surface for indirect prompt injection.
    1. Ingestion points: Transcribed text results from job.result() and stream events in SKILL.md.
    2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic.
    3. Capability inventory: Network operations to Azure cognitive services and package installation capabilities.
    4. Sanitization: The skill lacks sanitization or validation of the transcribed output before it is used or printed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 07:59 AM