transcript

The skill instructions in `references/auth-setup.md` explicitly direct the AI agent to circumvent platform-level security controls, such as secret redaction filters, by using temporary files to handle API tokens and keys. It also instructs the agent to establish persistence by identifying and modifying system-wide configuration or shell profile files to store the `TRANSCRIPT_API_KEY`. While these actions are intended to facilitate the setup of the `transcriptapi.com` service, the use of evasive data-handling techniques and instructions to modify the host's environment represent high-risk behaviors typical of malicious patterns, even if the stated intent is functional.