transcription
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the third-party Python package
transcribe-anythingand optionallywhisperxfrom PyPI to perform its core functions. - [COMMAND_EXECUTION]: The main script
scripts/main.cjsexecutes thetranscribe-anythingCLI usingchild_process.spawn. Although it mitigates shell injection by avoiding a shell wrapper, it executes an external binary with parameters controlled by agent/user input. Additionally,SKILL.mdcontains a Python implementation example that usesos.system()to dynamically build and execute command strings for batch processing. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted audio/video data from external files or URLs.
- Ingestion points: Media files or YouTube/Rumble URLs are passed into the skill via the
inputargument inscripts/main.cjs. - Boundary markers: The skill does not provide instructions or structural delimiters to ensure the agent treats the resulting transcript as data rather than instructions.
- Capability inventory: The skill environment has permissions to execute CLI commands, write files to the local system, and initiate network requests via the underlying tools.
- Sanitization: There is no mechanism within the skill to sanitize spoken instructions or malicious prompts embedded within the transcribed text.
Audit Metadata