asr-transcribe-to-text

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute ffmpeg, ffprobe, and curl for media processing and API interaction. These calls use argument arrays rather than shell strings, effectively preventing command injection vulnerabilities. Evidence found in SKILL.md and scripts/overlap_merge_transcribe.py shows appropriate handling of file paths and service URLs.
  • [EXTERNAL_DOWNLOADS]: The skill sends media data to an external ASR endpoint. This endpoint is not hardcoded; instead, the skill requires the user to provide the URL during a setup phase, ensuring the user maintains control over where their data is sent.
  • [DATA_EXFILTRATION]: While the skill transmits audio/video content to a remote server, this is the intended core functionality of a transcription tool. The workflow is transparent, asking for user configuration of the endpoint and providing health checks before processing sensitive data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 03:21 PM