openai-whisper
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the Whisper library from OpenAI's official GitHub repository. Because OpenAI is a trusted organization, this external download is considered safe.
- [COMMAND_EXECUTION]: The skill utilizes the
whispercommand-line tool and the Pythonsubprocessmodule to handle audio file transcription. These operations are essential for the skill's functionality and are performed locally. - [PROMPT_INJECTION]: The skill was reviewed for indirect prompt injection surfaces (Category 8). 1. Ingestion points: Audio files provided for transcription. 2. Boundary markers: None mentioned for the transcription output. 3. Capability inventory: Subprocess calls and file system access for processing. 4. Sanitization: Not explicitly implemented in the provided patterns. While the skill processes untrusted audio, no malicious code or instructions were detected within the skill's own implementation.
Audit Metadata