openrouter-transcribe

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands ffmpeg and jq. ffmpeg is used to convert input audio files to a standard WAV format (mono, 16kHz) to ensure compatibility with transcription models. jq is used to safely construct JSON payloads for the API request, preventing shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://openrouter.ai/api/v1/chat/completions to perform transcription. OpenRouter is a well-known service for accessing various AI models. The requests include necessary authentication headers using the user-provided OPENROUTER_API_KEY.
  • [EXTERNAL_DOWNLOADS]: The bash wrapper uses npx tsx to execute the TypeScript version of the transcription script. npx is a standard Node.js utility that may download the tsx runner if it is not already present in the environment.
  • [DATA_EXFILTRATION]: The skill reads audio files provided as arguments and sends their content (Base64 encoded) to the OpenRouter API. This is the intended behavior of the skill and no access to sensitive system files or credentials (beyond the required API key) was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 02:11 PM
Security Audit — agent-trust-hub — openrouter-transcribe