transcribe-audio
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The workflow in `SKILL.md` (Steps 2 and 3) instructs the agent to run shell commands such as `whisperx` and `ruby` with values like `[library-name]` and video file paths interpolated into the command line. Without explicit shell escaping or sanitization, these templates permit arbitrary command injection (for example through a subshell such as `$(...)`) whenever the metadata or filenames come from untrusted input.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill depends on `whisperx`, an external Python package that is not bundled with the skill. Relying on an unverified setup process to provide this dependency exposes the skill to supply-chain risk and to execution of code the audit could not inspect.
- [DATA_EXFILTRATION] (MEDIUM): The `prepare_audio_script.rb` script performs `File.read` and `File.write` on paths taken from its command-line arguments. An attacker who can control those arguments, through the command injection above or by other means, could read sensitive files or overwrite system files.
- [INDIRECT PROMPT INJECTION] (HIGH):
  - Ingestion points: the skill reads metadata from `library.yaml` and processes tool output in `video_name.json`.
  - Boundary markers: none are specified to separate instructions from data.
  - Capability inventory: the skill can execute shell commands (`whisperx`, `ruby`) and modify local files (`File.write`).
  - Sanitization: none. The skill interpolates untrusted data directly into command strings, creating a high-risk capability surface.
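To make the command-injection and file-access findings concrete, the Ruby example below is added here and is not code from the audited skill or from `prepare_audio_script.rb`. It contrasts interpolating an untrusted filename into a shell command string (the pattern the findings describe) with passing it as a separate argv element or escaping it with `Shellwords`, and it adds a path-confinement check of the kind `File.read`/`File.write` arguments should pass through. `printf` stands in for `whisperx` so the example runs without the real tool; the injected filename and the `/work` directory are constructed inputs, not values from the skill.

```ruby
require "open3"
require "shellwords"

# Constructed sample input (not from the audited skill): a media title that
# carries a subshell, as it might arrive from untrusted metadata or a filename.
INJECTED_NAME = "$(echo injected).mp4"

# Vulnerable pattern: the filename is interpolated into one command string
# that the shell parses, so the $(...) inside it is executed. `printf` is an
# assumed stand-in for whisperx so the example runs without the tool.
def run_via_shell_string(filename)
  out, _status = Open3.capture2("sh", "-c", "printf '%s' #{filename}")
  out
end

# Hardened pattern 1: pass the program and each argument as separate argv
# elements. No shell is involved, so shell metacharacters are inert.
def run_via_argv(filename)
  out, _status = Open3.capture2("printf", "%s", filename)
  out
end

# Hardened pattern 2: when a single command string is unavoidable (e.g. the
# agent must emit one shell line), escape every untrusted value.
def run_via_escaped_string(filename)
  out, _status = Open3.capture2("sh", "-c", "printf '%s' #{Shellwords.escape(filename)}")
  out
end

# Confine a user-supplied path to base_dir. Returns the canonical absolute
# path when it lies strictly inside base_dir, nil otherwise. The trailing
# separator prevents "/work" from accepting "/workspace/..". expand_path does
# not resolve symlinks; use File.realpath on the result for existing files.
def confined_path(base_dir, user_path)
  base = File.expand_path(base_dir)
  candidate = File.expand_path(user_path, base)
  candidate.start_with?(base + File::SEPARATOR) ? candidate : nil
end

# Guarded read/write helpers, as prepare_audio_script.rb-style code could
# use instead of passing ARGV straight to File.read / File.write.
def safe_read(base_dir, user_path)
  path = confined_path(base_dir, user_path)
  raise ArgumentError, "path escapes #{base_dir}: #{user_path}" unless path
  File.read(path)
end

def safe_write(base_dir, user_path, data)
  path = confined_path(base_dir, user_path)
  raise ArgumentError, "path escapes #{base_dir}: #{user_path}" unless path
  File.write(path, data)
end

if __FILE__ == $0
  puts "shell string : #{run_via_shell_string(INJECTED_NAME).inspect}"   # subshell ran
  puts "argv         : #{run_via_argv(INJECTED_NAME).inspect}"           # literal name
  puts "escaped      : #{run_via_escaped_string(INJECTED_NAME).inspect}" # literal name
  puts "confined ok  : #{confined_path('/work', 'video_name.json').inspect}"
  puts "confined bad : #{confined_path('/work', '../etc/passwd').inspect}"
end
```

The argv form is the one to prefer for `whisperx` and `ruby` invocations: it removes the shell from the path entirely, whereas escaping only works if every interpolated value is escaped without exception. The confinement check addresses the `File.read`/`File.write` finding independently of command injection, since an argument that never touched a shell can still name `/etc/passwd`.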
Recommendations
- AI detected serious security threats
Audit Metadata