whisper-voice
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The installation and execution process requires running `swift build` and `swift run` to compile and launch a native application from the `AiwithDhruv_Voice/WhisperAiwithDhruv` directory. This allows for the execution of code contained within the skill's source files.
- [EXTERNAL_DOWNLOADS]: The application initiates a network request during its first launch to download machine learning models (approximately 140MB for the base model) required for offline transcription.
- [COMMAND_EXECUTION]: The application requires the user to grant 'Accessibility' permissions in macOS System Settings. This high-privilege permission allows the app to monitor and control other applications, which is used to implement the 'auto-type' feature by injecting keystrokes into active text fields.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted live audio data that is transcribed into text and provided as an output.
- Ingestion points: Live audio captured via the microphone and processed by WhisperKit.
- Boundary markers: None documented for the transcribed output string.
- Capability inventory: The skill uses `swift build` and `swift run` for execution, and Accessibility permissions for system-wide text injection.
- Sanitization: The skill documentation mentions filtering for Whisper-specific artifacts (hallucinations), but it does not appear to sanitize the transcribed text for potential prompt injection or malicious instructions that could affect downstream agent tasks.
Audit Metadata