AudioEditor

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various CLI tools for media processing, including ffmpeg, ffprobe, whisper, and insanely-fast-whisper. It also performs background curl requests to a local notification server (localhost:8888) to provide status updates.
  • [DATA_EXFILTRATION]: The skill transmits audio and transcript data to third-party services (Anthropic and Cleanvoice) to perform AI-based analysis and processing. This is a functional requirement of the skill.
  • [EXTERNAL_DOWNLOADS]: The Polish.ts tool downloads processed media files from Cleanvoice's infrastructure after cloud-based processing is complete.
  • [PROMPT_INJECTION]: The skill processes untrusted audio transcripts and uses an LLM to identify edit points. The system prompt explicitly instructs the LLM to follow 'edit markers' spoken by the user in the audio, creating an indirect prompt injection surface where the processed data can influence the tool's behavior.
      • Ingestion points: Audio transcripts processed in Analyze.ts.
      • Boundary markers: None identified; transcript segments are interpolated directly into the LLM prompt.
      • Capability inventory: Analysis results drive the Edit.ts tool, which executes file-cutting operations using ffmpeg.
      • Sanitization: No filtering or sanitization is performed on the transcript text to distinguish between intended content and potentially malicious embedded instructions.

Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 01:03 AM