Gladia Pre Recorded Transcription

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is for sending audio to Gladia for transcription, and its sensitive data handling is expected for that purpose but should be used carefully.

Install this only if you intend to use Gladia for transcription. Do not submit confidential, regulated, or third-party recordings unless you are authorized to share them with Gladia and any callback or downstream LLM destination. Confirm job IDs before using delete because it removes remote job data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs users to send local audio files, remote URLs, and potentially sensitive derived outputs such as transcripts, summaries, diarization, and PII-redacted data to Gladia, but it does not clearly warn that this data leaves the local environment and is processed by a third-party service. This can cause unintended disclosure of confidential, regulated, or personal information because users may invoke the skill without understanding the external data transfer and retention implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal