transcribe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): The skill handles the OpenAI API key securely by instructing the user to set it as an environment variable rather than prompting for it in a chat interface or hardcoding it. The script retrieves the key using os.getenv.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing the official 'openai' package through standard package managers (pip, uv). It does not download or execute unverified external scripts.
- [COMMAND_EXECUTION] (SAFE): The Python CLI script uses standard libraries for file and network operations and does not employ dangerous functions like eval(), exec(), or subprocess for arbitrary command execution.
- [DATA_EXFILTRATION] (SAFE): File system access is limited to the audio and reference files provided as arguments. Network activity is limited to the official OpenAI API endpoint for the purpose of transcription.
- [PROMPT_INJECTION] (SAFE): The instructional content in SKILL.md and the interface definition in agents/openai.yaml contains only task-specific guidance and lacks any patterns of behavior-override or safety-bypass attempts.
Audit Metadata