openai-whisper
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the 'openai-whisper' package via Homebrew. OpenAI is a trusted organization, and Homebrew is a standard, reputable package manager.
- [COMMAND_EXECUTION] (SAFE): The skill executes the 'whisper' command-line tool as intended for its primary purpose. Execution is local and limited to the transcription of provided audio paths.
- [PROMPT_INJECTION] (LOW): This skill represents a surface for Indirect Prompt Injection. 1. Ingestion points: External audio files processed by the CLI (SKILL.md). 2. Boundary markers: None present in the command strings. 3. Capability inventory: Local command execution via the whisper CLI. 4. Sanitization: None present for the transcribed output. This is a low-severity finding as it is an inherent characteristic of processing untrusted media files.
Audit Metadata