video-transcribe

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/transcribe.py uses subprocess.run to call yt-dlp. While it uses shell execution indirectly, the arguments are passed as a list, which is a standard and safe practice for CLI-based utility skills to interface with established tools like yt-dlp and ffmpeg.
  • [EXTERNAL_DOWNLOADS]: The skill downloads content from user-provided URLs using yt-dlp and downloads AI model weights for faster-whisper. These are expected behaviors for a transcription tool and utilize well-known, legitimate services.
  • [DATA_EXFILTRATION]: There is no evidence of sensitive data being accessed or transmitted. The network operations are limited to downloading the requested video and model weights.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM