Azure Speech Service

Security checks across malware telemetry and agentic risk

Overview

The skill appears to expose OpenAI resource-management actions, including deletes, but the risky actions are disclosed and no hidden or unrelated behavior is evidenced.

Install only if you want an agent to manage real OpenAI resources. Before any delete request, have the agent restate the exact target resource, confirm whether the action is reversible, and ask for explicit approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill prominently lists destructive actions such as deleting models, endpoints, files, projects, transcriptions, and webhooks without warning that they can permanently remove cloud resources or data. In an agent context, this increases the chance of unsafe execution from ambiguous user requests or over-eager automation, leading to accidental loss of service configuration or data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal