omnicaptions-transcribe

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The setup instructions direct users to install a package (omni-captions-skills) using a custom PyPI index (https://lattifai.github.io/pypi/simple/). This is an untrusted source outside the official PyPI infrastructure, creating a supply chain risk where the package could contain malicious code.
  • [COMMAND_EXECUTION] (LOW): The skill utilizes Bash tools (omnicaptions, yt-dlp) that accept user-provided URLs and file paths. This presents a potential command injection surface if the agent does not properly sanitize shell metacharacters in the input.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted external content from YouTube and local files. This exposes the agent to Indirect Prompt Injection (Category 8) where malicious instructions could be embedded in metadata or audio.
      • Ingestion point: YouTube URLs and local media files.
      • Boundary markers: Absent.
      • Capability inventory: Bash command execution for transcription and file operations.
      • Sanitization: None mentioned in the skill definition.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:02 PM