openai-whisper-api
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the OpenAI API (api.openai.com), which is a well-known and trusted service. This interaction is necessary for the skill's primary function.
- [COMMAND_EXECUTION]: Executes curl to interact with the API and mkdir to manage output directories. Shell variables are handled using proper quoting to prevent common injection vulnerabilities.
- [CREDENTIALS_UNSAFE]: Uses the OPENAI_API_KEY retrieved from the environment or a local config file. The script securely includes this key in the Authorization header.
- [DATA_EXFILTRATION]: Transfers audio content to a remote server. This is the intended behavior of the transcription tool and is directed towards a trusted vendor.
Audit Metadata