transcribe-and-analyze

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Command Execution (LOW): transcribe.py calls yt-dlp and whisperkit-cli through subprocess.run with argument lists, preventing shell injection.
  • Indirect Prompt Injection (LOW): analyze_transcript.py interpolates untrusted transcripts into prompts without delimiters. Ingestion: scripts/analyze_transcript.py; Boundary markers: Absent; Capabilities: Returns analysis; Sanitization: None.
  • External Downloads (LOW): The skill depends on yt-dlp and WhisperKit, which are external tools not from the predefined trusted list.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:46 PM