transcribe
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a bundled Python CLI script (
scripts/transcribe_diarize.py) and instructs the agent to execute it for processing audio files. This is a standard architectural pattern for such tasks. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the
openaipackage from standard registries (PyPI) viapiporuv. This is a well-known and trusted dependency. - [DATA_EXPOSURE]: The script reads local audio files and environment variables (
OPENAI_API_KEY) to facilitate API requests. It explicitly instructs the agent never to ask the user to paste keys into the chat, adhering to secure secret management practices. - [PROMPT_INJECTION]: As the skill processes untrusted audio data and converts it into text that enters the agent's context (the transcription), there is a surface for indirect prompt injection. However, this is inherent to the transcription use-case and the skill itself does not provide dangerous capabilities that would make this surface highly exploitable.
Audit Metadata