transcribe
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple commands via the
voxflowCLI andffmpegto process audio and video files, includingasr,dub, andvideo-translate. - [EXTERNAL_DOWNLOADS]: The skill fetches remote media content for processing when the
--urlflag is used with theasrcommand. It also requires the installation of thevoxflowpackage from the npm registry. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data (audio, video, and SRT files) through LLM-based translation and summarization services.
- Ingestion points: User-provided files and remote URLs processed by
asr,translate,video-translate, andsummarizecommands inSKILL.md. - Boundary markers: No explicit delimiters or instructions are used to separate untrusted content from the system prompts during processing.
- Capability inventory: The skill possesses file system access (read/write), network communication capabilities (API, Cloudflare R2, and webhooks), and external command execution.
- Sanitization: There is no evidence of specific sanitization or filtering of the content before it is sent to the language models.
Audit Metadata