Back to skill

Security audit

AssemblyAI advanced speech transcription

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate AssemblyAI transcription skill, but it includes an under-disclosed transcript deletion command that can remove remote data without confirmation.

Install only if you are comfortable giving this skill AssemblyAI API access and sending selected media, transcript text, prompts, and configured URLs to AssemblyAI services. Treat meeting recordings and transcripts as sensitive data, configure EU endpoints if required, keep API keys out of chat logs, and avoid exposing the `delete` command to automated workflows unless you have separate safeguards or explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script exposes a destructive `delete` command that remotely deletes transcripts, but the skill description only presents transcription, formatting, and analysis capabilities. This mismatch can mislead users or orchestrators into invoking a skill with broader authority than expected, increasing the risk of accidental or policy-bypassing data deletion.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Remote deletion of transcripts is not necessary for the advertised core purpose of transcribing and formatting media. Including an unnecessary destructive capability violates least privilege and expands the blast radius if the skill is misused, invoked by mistake, or influenced by prompt/agent confusion.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports uploading local files and sending public URLs to AssemblyAI, but the documentation does not prominently warn that user-provided audio/video content is transmitted to a third-party service for remote processing. In an agent workflow, this omission can cause sensitive recordings or internal URLs to be sent off-platform without the user or operator making an informed data-handling decision.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation states that transcript text is sent to an external LLM Gateway endpoint but does not warn users that potentially sensitive audio-derived content will leave the local environment and be processed by a remote service. In a transcription workflow, transcripts often contain PII, confidential business discussions, or regulated data, so omission of a clear privacy/data-transfer notice can lead to unintended disclosure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The `delete` command executes immediately once given a transcript ID and API key, with no confirmation prompt, high-visibility warning, or safety interlock beyond an optional `--dry-run`. In agent-driven contexts, this makes accidental or manipulated irreversible deletion substantially more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/assemblyai.mjs:23