parakeet

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted audio input and returns the transcribed text to the agent's context without sanitization or boundary markers.
  • Ingestion points: scripts/transcribe.py (via file transcription) and scripts/dictate.py (via microphone recording).
  • Boundary markers: Absent. The skill does not use delimiters or instructions to treat the transcribed content as untrusted data.
  • Capability inventory: The skill utilizes the Bash, Read, and Write tools, which provide a significant attack surface if the agent follows malicious instructions embedded in audio.
  • Sanitization: Absent. The transcription results are passed directly to the output stream without filtering.
  • [COMMAND_EXECUTION]: Shell command templates in SKILL.md use variable interpolation for file paths ("<filepath>"). This pattern can lead to command injection if an agent processes a maliciously named file and the shell environment does not handle the escaping correctly.
  • [COMMAND_EXECUTION]: The provided Python scripts (check_setup.py, dictate.py, transcribe.py) dynamically modify the Python module search path using sys.path.insert(0, ...) based on environment variables or a default user directory (~/Programming/parakeet-dictate). This creates a runtime dependency on external code that is not contained within the skill's distribution.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and install external software, including the third-party 'Handy' application via Homebrew and various machine learning libraries (NVIDIA NeMo, PyTorch) via the uv or pip package managers.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — parakeet