add-voice-transcription
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Merges code from the official vendor repository at github.com/qwibitai/nanoclaw-whatsapp.git to implement the Whisper API integration.
- [COMMAND_EXECUTION]: Uses shell commands for project building and service restarts, which are necessary for the installation of the transcription module.
- [SAFE]: Provides a secure workflow for the user to provide their own OpenAI API key via environment variables, avoiding hardcoded credentials.
- [SAFE]: Processes external voice data from WhatsApp. The skill implements basic boundary markers by prefixing transcripts with [Voice: ] to separate untrusted data from agent instructions. Evidence for indirect prompt injection surface: Ingestion points: WhatsApp voice notes (src/channels/whatsapp.ts); Boundary markers: [Voice: ] prefix; Capability inventory: Shell commands, Git operations, and service restarts; Sanitization: None specified in the instructions.
Audit Metadata