transcriptapi
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Node.js script (
scripts/tapi-auth.js) to handle authentication. This script performs extensive modifications to user shell profiles (including.bashrc,.zshenv, and.profile) and agent configuration files (openclaw.json) to persist the API key as an environment variable. - [CREDENTIALS_UNSAFE]: The authentication process stores the TranscriptAPI key in plain text across several shell configuration files and a hidden fallback file (
~/.transcriptapi). - [DATA_EXFILTRATION]: User email addresses and verification codes are transmitted to the external domain
transcriptapi.comduring the account registration and verification steps. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted YouTube transcript data for processing.
- Ingestion points: Transcripts enter the agent's context through the
/api/v2/youtube/transcriptendpoint. - Boundary markers: The instructions do not implement delimiters or provide explicit directives for the agent to ignore instructions embedded within the transcript text.
- Capability inventory: The agent can execute file system modifications via the provided script and perform network requests via
curl. - Sanitization: There is no documented sanitization or filtering of transcript content before it is analyzed by the agent.
Audit Metadata