openai-whisper-api
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/transcribe.shexecutescurlto interact with the OpenAI API. This is the primary intended function of the skill and uses standard parameters for multipart/form-data uploads. - [DATA_EXFILTRATION]: The skill reads a user-specified audio file and the
OPENAI_API_KEYfrom the environment, sending them tohttps://api.openai.com/v1/audio/transcriptions. Since this is the official endpoint for a well-known service, this behavior is documented as neutral and safe for the skill's purpose. - [SAFE]: No evidence of prompt injection, obfuscation, unauthorized persistence, or privilege escalation was found in the provided files. The script uses defensive bash settings (
set -euo pipefail) and follows standard practices for a command-line tool.
Audit Metadata