openai-whisper-api

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/transcribe.sh executes system commands to perform its tasks.
    • Evidence: The script invokes curl for API communication and node -e to execute an inline JavaScript block that processes the transcription data.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to external endpoints.
    • Evidence: It sends audio files and the OPENAI_API_KEY to the OpenAI Transcriptions API. The default destination is api.openai.com, which is a well-known service.
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for external data that could contain malicious instructions (Indirect Prompt Injection surface).
    • Ingestion points: Audio files provided by the user are processed and converted to text via scripts/transcribe.sh.
    • Boundary markers: Absent; the script does not wrap the output transcription in delimiters or include instructions for the agent to ignore embedded content.
    • Capability inventory: The skill possesses file write capabilities and network access via the transcribe.sh script.
    • Sanitization: No sanitization or filtering is performed on the text generated from the audio input.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 08:31 PM