local-transcript

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script uses subprocess.run to execute ffmpeg and ffprobe for media processing.
      • Evidence in scripts/get_local_transcript.py shows these calls use argument lists rather than shell strings, which is a secure practice to prevent command injection.
      • The tools are standard requirements for media manipulation and their use matches the stated purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill requires the openai Python package.
      • This dependency is declared in the script metadata and is a well-known, trusted package for interacting with OpenAI services.
  • [DATA_EXFILTRATION]: The skill sends audio data to OpenAI's Whisper API (api.openai.com).
      • This network operation is the documented fallback mechanism for transcription when local subtitles are unavailable.
      • The skill correctly uses the OPENAI_API_KEY environment variable, which is a standard and safe method for credential management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 07:08 AM