parakeet
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted audio input and returns the transcribed text to the agent's context without sanitization or boundary markers.
- Ingestion points:
scripts/transcribe.py(via file transcription) andscripts/dictate.py(via microphone recording). - Boundary markers: Absent. The skill does not use delimiters or instructions to treat the transcribed content as untrusted data.
- Capability inventory: The skill utilizes the
Bash,Read, andWritetools, which provide a significant attack surface if the agent follows malicious instructions embedded in audio. - Sanitization: Absent. The transcription results are passed directly to the output stream without filtering.
- [COMMAND_EXECUTION]: Shell command templates in
SKILL.mduse variable interpolation for file paths ("<filepath>"). This pattern can lead to command injection if an agent processes a maliciously named file and the shell environment does not handle the escaping correctly. - [COMMAND_EXECUTION]: The provided Python scripts (
check_setup.py,dictate.py,transcribe.py) dynamically modify the Python module search path usingsys.path.insert(0, ...)based on environment variables or a default user directory (~/Programming/parakeet-dictate). This creates a runtime dependency on external code that is not contained within the skill's distribution. - [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and install external software, including the third-party 'Handy' application via Homebrew and various machine learning libraries (NVIDIA NeMo, PyTorch) via the
uvorpippackage managers.
Audit Metadata