audio-transcriber

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). In scripts/transcribe.py, the transcribed text from audio files is directly interpolated into a prompt template (full_prompt = f"{prompt}\n\n--- \nTranscrição:\n\n{transcript}") and sent to Claude or GitHub Copilot CLI for processing. Spoken instructions embedded in the audio file could influence the LLM to ignore the skill's instructions or output malicious content.
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run to execute external CLI tools such as claude, gh copilot, ffmpeg, and ffprobe. While the implementation uses list-based arguments to prevent basic shell injection, the content passed to these tools originates from potentially untrusted audio transcripts.
  • [EXTERNAL_DOWNLOADS]: The skill performs remote downloads in multiple ways: it downloads pre-trained AI models (Whisper/Faster-Whisper) from public repositories during first run, and it fetches Python packages from the standard PyPI registry during installation and execution.
  • [REMOTE_CODE_EXECUTION]: In scripts/transcribe.py, the script checks for the presence of the rich and tqdm libraries and, if missing, attempts to install them automatically using subprocess.run([sys.executable, "-m", "pip", "install", "--user", "package"]). Runtime installation of dependencies from external registries is a potential risk vector.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 12:36 PM