whisper-extract
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
whispercommand in the shell using user-controlled parameters, including<file_path>,<model>, and<language_code_or_auto>. While the file path is enclosed in double quotes in the template, if the agent's execution environment does not properly escape these variables, a malicious user could provide a path likeaudio.mp3" && [command] && "to execute arbitrary code. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the audio/video content it processes.
- Ingestion points: Raw text extracted from audio/video files via OpenAI Whisper in Step 2.
- Boundary markers: None identified. The transcript is passed directly to the summarization prompt without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has shell execution capabilities (the
whispercommand) and file-writing capabilities (Write). - Sanitization: No evidence of sanitization or filtering of the transcript text before it is used for summary generation in Step 3.
Audit Metadata