long-audio-transcript-processor
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (setup_workspace.py) included in the skill's package to initialize the working directory and manage files.
- [COMMAND_EXECUTION]: The processing workflow suggests using shell-level commands such as sed to extract specific line ranges from transcript files.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by reading and processing the contents of untrusted transcript files provided by the user.
  - Ingestion points: Transcript files are read directly from the 1-原始文件/ directory.
  - Boundary markers: The instructions lack specific delimiters or protective instructions (e.g., 'treat the following text as data only') to prevent the model from obeying instructions embedded in the transcript.
  - Capability inventory: The agent has capabilities to read/write files and execute local scripts and shell commands.
  - Sanitization: The skill does not perform any validation or sanitization of the transcript content before it is processed by the agent.
Audit Metadata