transcribe-and-analyze

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The scripts/analyze_transcript.py script is vulnerable to indirect prompt injection. It reads transcript content (derived from untrusted media URLs) and interpolates it directly into the LLM prompt. Evidence chain:
    1. Ingestion points: Transcript files generated by scripts/transcribe.py from external URLs.
    2. Boundary markers: Absent in the prompt template.
    3. Capability inventory: Subprocess execution of yt-dlp and whisperkit-cli, and file system write access.
    4. Sanitization: No sanitization or escaping is performed on the transcript text.
  • COMMAND_EXECUTION (LOW): The script scripts/transcribe.py uses subprocess.run to call yt-dlp and whisperkit-cli. While it uses list-based arguments to prevent shell injection, the execution of these binaries is a core capability that could be targeted.
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on external tools yt-dlp and whisperkit-cli. The troubleshooting guide directs users to install these from external sources.
  • DATA_EXFILTRATION (LOW): Transcript content is transmitted to OpenAI's API for analysis. This is documented and intended behavior but involves the transmission of processed data to an external cloud service.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:10 PM