openrouter-transcribe
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands
ffmpegandjq.ffmpegis used to convert input audio files to a standard WAV format (mono, 16kHz) to ensure compatibility with transcription models.jqis used to safely construct JSON payloads for the API request, preventing shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
https://openrouter.ai/api/v1/chat/completionsto perform transcription. OpenRouter is a well-known service for accessing various AI models. The requests include necessary authentication headers using the user-providedOPENROUTER_API_KEY. - [EXTERNAL_DOWNLOADS]: The bash wrapper uses
npx tsxto execute the TypeScript version of the transcription script.npxis a standard Node.js utility that may download thetsxrunner if it is not already present in the environment. - [DATA_EXFILTRATION]: The skill reads audio files provided as arguments and sends their content (Base64 encoded) to the OpenRouter API. This is the intended behavior of the skill and no access to sensitive system files or credentials (beyond the required API key) was detected.
Audit Metadata