document-to-narration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The
transcribe-full.pyscript uses theopenai-whisperlibrary, which automatically downloads model weights from OpenAI's infrastructure. These are trusted sources for machine learning models. - COMMAND_EXECUTION (LOW): The orchestration script
full-pipeline.tsexecutes other project scripts usingDeno.Command. It passes arguments as an array rather than a single string, which is a secure practice that prevents shell injection vulnerabilities. - INDIRECT_PROMPT_INJECTION (LOW): The skill ingests user-provided text files for narration. While this is untrusted data, its use is restricted to text-to-speech generation and does not influence the execution flow or security parameters of the agent.
- Ingestion points:
scripts/full-pipeline.ts(via the inputFile argument). - Boundary markers: Absent (input is treated as raw text for narration).
- Capability inventory: Subprocess execution (Deno/Python), file read/write.
- Sanitization: None (the input is consumed as a string for TTS conversion).
Audit Metadata