openai-whisper
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the openai-whisper formula using Homebrew. This is a legitimate package from OpenAI, which is a recognized trusted organization.
- [PROMPT_INJECTION]: The skill processes untrusted audio data, creating a potential surface for indirect prompt injection. Although this is inherent to the transcription task, it is documented for awareness.
  - Ingestion points: Audio files (e.g., .mp3, .m4a) processed by the whisper command.
  - Boundary markers: No specific instructions are provided to the agent to treat transcription output as untrusted content.
  - Capability inventory: Transcribes audio and writes text or subtitle files to the local directory.
  - Sanitization: The skill returns raw transcribed text without filtering or validation.