Paratran Transcription
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions prompt users to download source code using git clone from an untrusted GitHub account (briansunter/paratran) which is not on the verified list.
- REMOTE_CODE_EXECUTION (MEDIUM): Employs uvx to fetch and execute the paratran package from a remote source at runtime, which bypasses local verification of the execution logic.
- COMMAND_EXECUTION (LOW): The skill is designed to execute command-line tools and start a local REST API server to perform its primary function of audio transcription.
- PROMPT_INJECTION (LOW): Susceptible to indirect prompt injection. The skill processes audio data which, when transcribed into text, could contain instructions that influence the AI agent's logic. Evidence Chain:
  1. Ingestion points: Audio files provided via CLI or MCP file_path.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of paratran via subprocess and starting a local server.
  4. Sanitization: Absent.
Audit Metadata